ca1aa1b48916a2af7c60781bf8cc8cab60fc1aa4af7480e71ba5652ee285e881

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:07

Target

0c82060f41fcad441b1ae4feb1709642.dll
Size

13KB
MD5

0c82060f41fcad441b1ae4feb1709642
SHA1

a2907f1c8bf13ebd725e2024cca30043fa5c094d
SHA256

ca1aa1b48916a2af7c60781bf8cc8cab60fc1aa4af7480e71ba5652ee285e881
SHA512

b2a94141ecf2f5facefece326335658b770c8452ed8e0a154ce62d39669df224cf8f4c649f89a74fe0c5d570b168c55a2adbbc96792837d6c332bf51e08463c2
SSDEEP

192:nrOQPz67cib/Sk1QpJqRNIj1crpTBTBqm1ChxsSMqBI41p6JE5v7X:Ky67BqURNIRc1TBNq6Chx/nBRn6y5vD

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3028-2-0x00000000001C0000-0x00000000001CF000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 3028	1652	rundll32.exe	28
PID 1652 wrote to memory of 3028	1652	rundll32.exe	28
PID 1652 wrote to memory of 3028	1652	rundll32.exe	28
PID 1652 wrote to memory of 3028	1652	rundll32.exe	28
PID 1652 wrote to memory of 3028	1652	rundll32.exe	28
PID 1652 wrote to memory of 3028	1652	rundll32.exe	28
PID 1652 wrote to memory of 3028	1652	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c82060f41fcad441b1ae4feb1709642.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c82060f41fcad441b1ae4feb1709642.dll,#1
  2⤵
  PID:3028

memory/3028-0-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/3028-1-0x00000000001B0000-0x00000000001BF000-memory.dmp

Filesize
60KB

Download
memory/3028-2-0x00000000001C0000-0x00000000001CF000-memory.dmp

Filesize
60KB

Download