dba0ee8470a9bba8fa8098e433cf1aa3d441814537661e4501e627c1d3132acd | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 16:06

Sharing

Report Analysis Logs

General

Target

04e1382131863bc4f7efd213bbbf9a97.dll
Size

279KB
MD5

04e1382131863bc4f7efd213bbbf9a97
SHA1

9163bba2c1ce3c2f36ed816e70b084596ee84374
SHA256

dba0ee8470a9bba8fa8098e433cf1aa3d441814537661e4501e627c1d3132acd
SHA512

f06458ce1b28d09813c3de4b37e3a5019dd7034b5f5e65f75c2e2ce13e70a4cb6bf7c68750b4c4f0cb2f730d7986df6efeb0a9d636bf8378c0eb674dbaca912a
SSDEEP

6144:ukefz+dqJUC1ofaLZJy1vZCOtHtMWAeDQLANT:f4QqJUC1U2ZJgv9tNwMNT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1708-1-0x00000000001F0000-0x0000000000287000-memory.dmp	upx
behavioral1/memory/1708-0-0x00000000001F0000-0x0000000000287000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 1708	1984	rundll32.exe	15
PID 1984 wrote to memory of 1708	1984	rundll32.exe	15
PID 1984 wrote to memory of 1708	1984	rundll32.exe	15
PID 1984 wrote to memory of 1708	1984	rundll32.exe	15
PID 1984 wrote to memory of 1708	1984	rundll32.exe	15
PID 1984 wrote to memory of 1708	1984	rundll32.exe	15
PID 1984 wrote to memory of 1708	1984	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e1382131863bc4f7efd213bbbf9a97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04e1382131863bc4f7efd213bbbf9a97.dll,#1
  2⤵
  PID:1708

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1708-1-0x00000000001F0000-0x0000000000287000-memory.dmp

Filesize
604KB

Download
memory/1708-0-0x00000000001F0000-0x0000000000287000-memory.dmp

Filesize
604KB

Download
memory/1708-2-0x00000000001F0000-0x0000000000287000-memory.dmp

Filesize
604KB

Download