e1d81e10118c6fcf12e5b113a2eedf1b05ab84d49bdf307397c2ff3926b7ac2f

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:56

Target

238a143d09a71a0102ab891f815e074c.dll
Size

61KB
MD5

238a143d09a71a0102ab891f815e074c
SHA1

453069e80ecc4d045367898c14b658d5f2664f07
SHA256

e1d81e10118c6fcf12e5b113a2eedf1b05ab84d49bdf307397c2ff3926b7ac2f
SHA512

fb2f4efaba2454129962786d4efd907edf4c5e88fa4cfbbd97bd3a7975b7781e58168d54bd647ecec38c6fb81211a373d89a3f247eb078a4c364b464b3b12055
SSDEEP

1536:1zExMwCGQ2jhp/UvGraNqejrlDFIREGCV3Dzdm7YZbKht:1I+wCGvLc+rQqejrX3nB+ht

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3020-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 3020	2972	rundll32.exe	28
PID 2972 wrote to memory of 3020	2972	rundll32.exe	28
PID 2972 wrote to memory of 3020	2972	rundll32.exe	28
PID 2972 wrote to memory of 3020	2972	rundll32.exe	28
PID 2972 wrote to memory of 3020	2972	rundll32.exe	28
PID 2972 wrote to memory of 3020	2972	rundll32.exe	28
PID 2972 wrote to memory of 3020	2972	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\238a143d09a71a0102ab891f815e074c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\238a143d09a71a0102ab891f815e074c.dll,#1
  2⤵
  PID:3020

memory/3020-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download