d58ce6cf30a7eb61692930e50349da3ba5983fc29913b8be71d96c73d0db5de0

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 20:23

Target

1bc81890b3f14f8fbf83abe04280b51a.dll
Size

57KB
MD5

1bc81890b3f14f8fbf83abe04280b51a
SHA1

7756b9d0180df262f5f7be07181ec83ea1304a32
SHA256

d58ce6cf30a7eb61692930e50349da3ba5983fc29913b8be71d96c73d0db5de0
SHA512

e83be7cddf18af14182177f4829e7d2cf879f5cec02ff35d0d18c50cb9c04f73e9aeadfc659a314dd1c420e49992273db998545badb17b7671c367754e7cdfc7
SSDEEP

1536:j4ABNjFc+O+oSxzSDjp6wGq7n8qZkC3bwyts0bKh04jEptPnchiN:bhFc+mSxzg2yHLbTs0eqoEptPnc4

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2868-0-0x0000000010000000-0x000000001002F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 2868	2460	regsvr32.exe	16
PID 2460 wrote to memory of 2868	2460	regsvr32.exe	16
PID 2460 wrote to memory of 2868	2460	regsvr32.exe	16
PID 2460 wrote to memory of 2868	2460	regsvr32.exe	16
PID 2460 wrote to memory of 2868	2460	regsvr32.exe	16
PID 2460 wrote to memory of 2868	2460	regsvr32.exe	16
PID 2460 wrote to memory of 2868	2460	regsvr32.exe	16

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1bc81890b3f14f8fbf83abe04280b51a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\1bc81890b3f14f8fbf83abe04280b51a.dll
  2⤵
  PID:2868

memory/2868-0-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download