6e88a771ddb843d20a3398a6c812070e7fea224e9ebc880614b4ddd66090221b | Triage

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 21:08

Sharing

Report Analysis Logs

General

Target

f848e8b7e8f6c4636b608f63749c9992.dll
Size

71KB
MD5

f848e8b7e8f6c4636b608f63749c9992
SHA1

ccf93926c8158857fbce3149e2baf408e8b59895
SHA256

6e88a771ddb843d20a3398a6c812070e7fea224e9ebc880614b4ddd66090221b
SHA512

def901b5ee2d14f7dea784e55e84ed38bddf6523a80246a93b96f45af9070facd102a75a67faff4a77b746176d8699bb9cf6d0eba8a8890a5e37271d4836f9bc
SSDEEP

1536:EG1bfMzQkdNrr0qXDznvO2xtAmBsLFh+jNyfX:EG1jatdZT/vO2xZSFgYfX

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2320-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2320	2268	rundll32.exe	27
PID 2268 wrote to memory of 2320	2268	rundll32.exe	27
PID 2268 wrote to memory of 2320	2268	rundll32.exe	27
PID 2268 wrote to memory of 2320	2268	rundll32.exe	27
PID 2268 wrote to memory of 2320	2268	rundll32.exe	27
PID 2268 wrote to memory of 2320	2268	rundll32.exe	27
PID 2268 wrote to memory of 2320	2268	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f848e8b7e8f6c4636b608f63749c9992.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f848e8b7e8f6c4636b608f63749c9992.dll,#1
  2⤵
  PID:2320

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2320-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/2320-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download