76e57d78b3f00fd35861ac10662bd52c311ee95956e97c3bec849a0bcae1aa92

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 23:46

Target

2086574845e4c1bb27ed06ed254db804.dll
Size

68KB
MD5

2086574845e4c1bb27ed06ed254db804
SHA1

373bfca5666c076218ba72702287051badb898ee
SHA256

76e57d78b3f00fd35861ac10662bd52c311ee95956e97c3bec849a0bcae1aa92
SHA512

f547a9e97a9cdc3d27d4096e3d58425b9a9a64b8d2ed10d5870e19f2dd03bc804df0db7ca32afa3ea65a99cfb8fa1f38da8a9bfad137bd82c1f3d8e2d2bc59e4
SSDEEP

1536:HKvv9jeCw6l9n+Eu2/uFTxLcp80w0WB47hZ+IB2vern7L1pSDf:TSHu2/IQp80JA47LyernFpSD

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2516-0-0x0000000010000000-0x0000000010664000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1716 wrote to memory of 2516	1716	rundll32.exe	14
PID 1716 wrote to memory of 2516	1716	rundll32.exe	14
PID 1716 wrote to memory of 2516	1716	rundll32.exe	14
PID 1716 wrote to memory of 2516	1716	rundll32.exe	14
PID 1716 wrote to memory of 2516	1716	rundll32.exe	14
PID 1716 wrote to memory of 2516	1716	rundll32.exe	14
PID 1716 wrote to memory of 2516	1716	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2086574845e4c1bb27ed06ed254db804.dll,#1
1⤵
PID:2516

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2086574845e4c1bb27ed06ed254db804.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1716

memory/2516-0-0x0000000010000000-0x0000000010664000-memory.dmp

Filesize
6.4MB

Download