cfe8a0556fc75250c32814852c80cb410ebbe447598c6cef049a87870a434926

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 01:12

Target

48478bbdfa3f1eb432ece553f9e6c50b.dll
Size

198KB
MD5

48478bbdfa3f1eb432ece553f9e6c50b
SHA1

016b373d185b580adf21e9de22f9e1d30f85ae5c
SHA256

cfe8a0556fc75250c32814852c80cb410ebbe447598c6cef049a87870a434926
SHA512

82d07af5f29fae61372beb7bd1960fb85f8d14b27fdc000d7248e7b6734a31bf19fbe613a9d07b4d96e5030672c50d06e2bc43608502bb3f610c0c5a9c4db1a4
SSDEEP

3072:5Q10/5j01aXteQzWXcvYpMNPmOjmUOImf6OsWunItPR2oNwQi:5Q1rpMNPvjeI6vpPR2oA

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1972-1-0x0000000010000000-0x0000000010032000-memory.dmp	upx
behavioral1/memory/1972-0-0x0000000010000000-0x0000000010032000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 1972	2376	rundll32.exe	18
PID 2376 wrote to memory of 1972	2376	rundll32.exe	18
PID 2376 wrote to memory of 1972	2376	rundll32.exe	18
PID 2376 wrote to memory of 1972	2376	rundll32.exe	18
PID 2376 wrote to memory of 1972	2376	rundll32.exe	18
PID 2376 wrote to memory of 1972	2376	rundll32.exe	18
PID 2376 wrote to memory of 1972	2376	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48478bbdfa3f1eb432ece553f9e6c50b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48478bbdfa3f1eb432ece553f9e6c50b.dll,#1
  2⤵
  PID:1972

memory/1972-1-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download
memory/1972-0-0x0000000010000000-0x0000000010032000-memory.dmp

Filesize
200KB

Download