e978689dbe200a4695ce48356876f003261ce6c80a6996e05c5134410ad589aa

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 20:07

Target

3a3811ce977d4cb289869d40dc523802.dll
Size

853KB
MD5

3a3811ce977d4cb289869d40dc523802
SHA1

92c15dcefc0e2032184493b73dadd285e19ec3bc
SHA256

e978689dbe200a4695ce48356876f003261ce6c80a6996e05c5134410ad589aa
SHA512

675d8d0eaa70c65980175d7cb6959aeeb2351c0caa02eca5266c0fffe29f16d3c3a9e1009b773fd363c8396f6e400908f3111b85591e8ca4a77dfb57de0ff92a
SSDEEP

24576:8Q0g2J7v6W02Cp1X59WmU2OisWgZPG5n9aV/d+0lO:C7iQCp1XHUTisWRn++0s

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2280-0-0x0000000001FC0000-0x000000000225C000-memory.dmp	upx
behavioral1/memory/2280-1-0x0000000001FC0000-0x000000000225C000-memory.dmp	upx
behavioral1/memory/2280-2-0x0000000001FC0000-0x000000000225C000-memory.dmp	upx
behavioral1/memory/2280-3-0x0000000001FC0000-0x000000000225C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2280	1756	rundll32.exe	28
PID 1756 wrote to memory of 2280	1756	rundll32.exe	28
PID 1756 wrote to memory of 2280	1756	rundll32.exe	28
PID 1756 wrote to memory of 2280	1756	rundll32.exe	28
PID 1756 wrote to memory of 2280	1756	rundll32.exe	28
PID 1756 wrote to memory of 2280	1756	rundll32.exe	28
PID 1756 wrote to memory of 2280	1756	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a3811ce977d4cb289869d40dc523802.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3a3811ce977d4cb289869d40dc523802.dll,#1
  2⤵
  PID:2280

memory/2280-0-0x0000000001FC0000-0x000000000225C000-memory.dmp

Filesize
2.6MB

Download
memory/2280-1-0x0000000001FC0000-0x000000000225C000-memory.dmp

Filesize
2.6MB

Download
memory/2280-2-0x0000000001FC0000-0x000000000225C000-memory.dmp

Filesize
2.6MB

Download
memory/2280-3-0x0000000001FC0000-0x000000000225C000-memory.dmp

Filesize
2.6MB

Download
memory/2280-5-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download
memory/2280-6-0x0000000001FC0000-0x000000000225C000-memory.dmp

Filesize
2.6MB

Download
memory/2280-7-0x0000000001FC0000-0x000000000225C000-memory.dmp

Filesize
2.6MB

Download
memory/2280-8-0x0000000000720000-0x0000000000730000-memory.dmp

Filesize
64KB

Download