0bfee075750122b7e721b918ca29c8ffb49ad09de04d75b1c2b9ced8ba7d5ad2

Analysis

max time kernel
121s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:52

Target

0d82c56ad8350bfaa98942b119728107.dll
Size

82KB
MD5

0d82c56ad8350bfaa98942b119728107
SHA1

02c70ad71260000989d7ebc3ead4d15d656f546d
SHA256

0bfee075750122b7e721b918ca29c8ffb49ad09de04d75b1c2b9ced8ba7d5ad2
SHA512

a34a19a839edb60f615e05e07d2995f1855d27db7db80575e159b1601eceb2765a726570733ab7a6e8773b43a516efafb50ebcbbc90754f6e18562f796455a3a
SSDEEP

1536:suRWqnFEnuj85CePHnopAG3hAUWYdrf8Puil2B8iTxluIco8lWJb82xbzERzhkmU:/W4EnujtePHo6MhARi8uI2HnuIh8ltyd

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1956-0-0x0000000010000000-0x000000001002A000-memory.dmp	upx
behavioral1/memory/1956-1-0x0000000010000000-0x000000001002A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1956	3028	rundll32.exe	27
PID 3028 wrote to memory of 1956	3028	rundll32.exe	27
PID 3028 wrote to memory of 1956	3028	rundll32.exe	27
PID 3028 wrote to memory of 1956	3028	rundll32.exe	27
PID 3028 wrote to memory of 1956	3028	rundll32.exe	27
PID 3028 wrote to memory of 1956	3028	rundll32.exe	27
PID 3028 wrote to memory of 1956	3028	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d82c56ad8350bfaa98942b119728107.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0d82c56ad8350bfaa98942b119728107.dll,#1
  2⤵
  PID:1956

memory/1956-0-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/1956-1-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download