1abd3186cebc2476687979e7d35826ae0fd545bbcab61bfd6e523c83df3789f3

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:13

Target

0e10c48956844f06a0a4dd49ca339cd1.dll
Size

31KB
MD5

0e10c48956844f06a0a4dd49ca339cd1
SHA1

ecbd1da9d8706d2d390805a3f47f66f89989315b
SHA256

1abd3186cebc2476687979e7d35826ae0fd545bbcab61bfd6e523c83df3789f3
SHA512

3c8deea3f5e4238038276b1c0f94d989f08e1f768578379c13a592d4b4770fdf6d44ca4b88ba1d7f1c960e66abf0751dcf1c1d61da74a4fcb0c8f498ea25edcc
SSDEEP

768:mKXkdYAQqqnGbngkOZxl7ffxzuo7ificWSR6R5U4qauTB0TeX:mKXiNaGbgkuhfUo7i5Wq63eauTBo

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1252-1-0x0000000000210000-0x0000000000230000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14
PID 1736 wrote to memory of 1252	1736	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e10c48956844f06a0a4dd49ca339cd1.dll,#1
1⤵
PID:1252

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0e10c48956844f06a0a4dd49ca339cd1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1736

memory/1252-2-0x0000000000230000-0x0000000000250000-memory.dmp

Filesize
128KB

Download
memory/1252-1-0x0000000000210000-0x0000000000230000-memory.dmp

Filesize
128KB

Download
memory/1252-0-0x0000000010000000-0x0000000010018000-memory.dmp

Filesize
96KB

Download