7855652bf1b93ed6dea8f5a255ef4891b218c811b74732e386ecd404c377f76c

Analysis

max time kernel
143s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
22/10/2023, 02:45

Target

7855652bf1b93ed6dea8f5a255ef4891b218c811b74732e386ecd404c377f76c.dll
Size

1.5MB
MD5

6829f8fd5d74860388323613b62b4201
SHA1

7de2991db871946ebaec8c117af45a65a4ab7e6e
SHA256

7855652bf1b93ed6dea8f5a255ef4891b218c811b74732e386ecd404c377f76c
SHA512

19e57639fa988e99eeb9ee0a380d5e2769efa1a72776dadf33525d74640e8ec064deac3518e73f7d5a4dcd6fb467a012475c8df2efe0bfaa32c85567ca705d4e
SSDEEP

24576:bkLzQt1JkWHqX0Z+5eLM6S9y1wzDlB5eduETYIQaO5tiBEXhxYdKor:Lp1J9elBQd8wNr

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3976-1-0x0000000002CB0000-0x0000000002CBB000-memory.dmp	upx
behavioral2/memory/3976-3-0x0000000002CB0000-0x0000000002CBB000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3976	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1344 wrote to memory of 3976	1344	rundll32.exe	82
PID 1344 wrote to memory of 3976	1344	rundll32.exe	82
PID 1344 wrote to memory of 3976	1344	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7855652bf1b93ed6dea8f5a255ef4891b218c811b74732e386ecd404c377f76c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7855652bf1b93ed6dea8f5a255ef4891b218c811b74732e386ecd404c377f76c.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3976

memory/3976-0-0x0000000010000000-0x00000000101B8000-memory.dmp

Filesize
1.7MB

Download
memory/3976-1-0x0000000002CB0000-0x0000000002CBB000-memory.dmp

Filesize
44KB

Download
memory/3976-3-0x0000000002CB0000-0x0000000002CBB000-memory.dmp

Filesize
44KB

Download
memory/3976-2-0x0000000002B50000-0x0000000002B51000-memory.dmp

Filesize
4KB

Download
memory/3976-4-0x0000000010000000-0x00000000101B8000-memory.dmp

Filesize
1.7MB

Download