6d998a692fe151e9aca960e5944a42af8a18d7df0f9ae4ea54842dfd0c0f247f

Analysis

max time kernel
120s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 16:06

Target

2bc33eefee45bc926d74626982f20ba9.dll
Size

60KB
MD5

2bc33eefee45bc926d74626982f20ba9
SHA1

04d0313ad203990ebaa7b4f272dfb10afcc118c1
SHA256

6d998a692fe151e9aca960e5944a42af8a18d7df0f9ae4ea54842dfd0c0f247f
SHA512

0659c466152206d1f0ab560379ecc7d9f85a94e9c8d8ef5a8dc3900a6e0275ef5294b8f3e3271bb679ebcfbf5feb0467752c62617c0f672bba27ec7f8f200b93
SSDEEP

768:yuUr3ip/IHI7NQTvRqQoBCbOXbCBjUu1GwL5GSZaoSfjS4jF5jXC1k1uE0bFm:yl3E0TjoBMhdZW2AFJ0k1uE0xm

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1200-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1292 wrote to memory of 1200	1292	rundll32.exe	28
PID 1292 wrote to memory of 1200	1292	rundll32.exe	28
PID 1292 wrote to memory of 1200	1292	rundll32.exe	28
PID 1292 wrote to memory of 1200	1292	rundll32.exe	28
PID 1292 wrote to memory of 1200	1292	rundll32.exe	28
PID 1292 wrote to memory of 1200	1292	rundll32.exe	28
PID 1292 wrote to memory of 1200	1292	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc33eefee45bc926d74626982f20ba9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2bc33eefee45bc926d74626982f20ba9.dll,#1
  2⤵
  PID:1200

memory/1200-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/1200-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download