3c7dd7f9c870ff7eeb958cbb179f529056aa0d76804e5e40ae1b578b8bf6f8b0

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 18:05

Target

3330d1ac240167ea75719949903ebc7f.dll
Size

55KB
MD5

3330d1ac240167ea75719949903ebc7f
SHA1

0417243e190f3cb0f2a52fff7ace434827fe0fd5
SHA256

3c7dd7f9c870ff7eeb958cbb179f529056aa0d76804e5e40ae1b578b8bf6f8b0
SHA512

1a5efd11253ee393d6ce0ae18f65efdc006077c2d15256e49105aeec3f82f5d02f71dc2ec5c31b60fbcd035cecc50b072de628d2a484f2e1ebed3a5343cc53ea
SSDEEP

1536:CxaLocb551nGksJzBWVT9pc8ey9787y/pIEMsiF6+irxLr:C2oWSG9pc8eOQ7yCEMsiF6+irxH

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2188-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2188	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1476 wrote to memory of 2188	1476	rundll32.exe	16
PID 1476 wrote to memory of 2188	1476	rundll32.exe	16
PID 1476 wrote to memory of 2188	1476	rundll32.exe	16
PID 1476 wrote to memory of 2188	1476	rundll32.exe	16
PID 1476 wrote to memory of 2188	1476	rundll32.exe	16
PID 1476 wrote to memory of 2188	1476	rundll32.exe	16
PID 1476 wrote to memory of 2188	1476	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3330d1ac240167ea75719949903ebc7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1476
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3330d1ac240167ea75719949903ebc7f.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2188

memory/2188-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download