5d88032f5b47f346be2be3b1239f73632fb17cd73b19065be11dba7cddacbe05

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:54

Target

4e1b95cb50f0df5e91f73a2c2b52364c.dll
Size

33KB
MD5

4e1b95cb50f0df5e91f73a2c2b52364c
SHA1

de7d6d3671b01b16779d0dcd580494e2658b3217
SHA256

5d88032f5b47f346be2be3b1239f73632fb17cd73b19065be11dba7cddacbe05
SHA512

13128cd1a71a993bad28e42a713b293b3a52c67532c3321cc91c056168da15f34d7c7b0692e58813436d3aa02cb94600e2146e210de02c698fc7caee81c5cbaa
SSDEEP

192:S6oN/A4TRGJ4isOmVt+c/MUFaNJhLkwcud2DH9VwGfctvyc6cgd8ITRaB23:boiByisOpGaNJawcudoD7UX6J9

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2468-0-0x0000000010000000-0x000000001000A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2468	2264	rundll32.exe	15
PID 2264 wrote to memory of 2468	2264	rundll32.exe	15
PID 2264 wrote to memory of 2468	2264	rundll32.exe	15
PID 2264 wrote to memory of 2468	2264	rundll32.exe	15
PID 2264 wrote to memory of 2468	2264	rundll32.exe	15
PID 2264 wrote to memory of 2468	2264	rundll32.exe	15
PID 2264 wrote to memory of 2468	2264	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e1b95cb50f0df5e91f73a2c2b52364c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e1b95cb50f0df5e91f73a2c2b52364c.dll,#1
  2⤵
  PID:2468

memory/2468-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download