94e326d7f5d0aec37d3d2691d3a96b191248786ae5bafa2c539f7a7c4226d511 | Triage

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

13cfa45d88761dd6f05eed27b9b635a2.dll
Size

33KB
MD5

13cfa45d88761dd6f05eed27b9b635a2
SHA1

89b5c0e0d53759f7165f7ee0b1bbb9ef894f9d07
SHA256

94e326d7f5d0aec37d3d2691d3a96b191248786ae5bafa2c539f7a7c4226d511
SHA512

924f684368840c71dad251e8cb57ba33215a62477986e140118f93f6ca931deae680bf03054fe243abf453e8feb0fbc29d44a6af59b6115c2c1dca2ad4bafb95
SSDEEP

768:Ru0pTbltRY99zmbBBgKkqYk/CeMWXaj9etrL6:Ru0pflt+JuBBgOYolMMaEa

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2004-0-0x0000000010000000-0x0000000010016000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2004	1712	rundll32.exe	28
PID 1712 wrote to memory of 2004	1712	rundll32.exe	28
PID 1712 wrote to memory of 2004	1712	rundll32.exe	28
PID 1712 wrote to memory of 2004	1712	rundll32.exe	28
PID 1712 wrote to memory of 2004	1712	rundll32.exe	28
PID 1712 wrote to memory of 2004	1712	rundll32.exe	28
PID 1712 wrote to memory of 2004	1712	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13cfa45d88761dd6f05eed27b9b635a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13cfa45d88761dd6f05eed27b9b635a2.dll,#1
  2⤵
  PID:2004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2004-0-0x0000000010000000-0x0000000010016000-memory.dmp

Filesize
88KB

Download