ff7aa91d6c0b96c25bb9f5a97130adb5a16af8b5695da4eca16de8b40769b45d

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 04:45

Target

28b6f2cc92d5397dff85936af7462fb7.dll
Size

37KB
MD5

28b6f2cc92d5397dff85936af7462fb7
SHA1

e70d065e75c29759576e6de552b36b7e67470af7
SHA256

ff7aa91d6c0b96c25bb9f5a97130adb5a16af8b5695da4eca16de8b40769b45d
SHA512

024cbd8af8b695bcc4a10b3fcf19fb03e3aa4457b1c128729fa17a44dc2e1ece74d83224471e2674efe83064bff5151dc04d1d61ef72cf1076113b913d426132
SSDEEP

768:WO4BFDNKbpP38Uiky6WKxVMTv/bBYALibD/ftPxiPJ6sVI3NQ:WfB2pv8UiRmeT3V65DsVIQ

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1588-0-0x0000000010000000-0x000000001001D000-memory.dmp	upx
behavioral1/memory/1588-1-0x0000000010000000-0x000000001001D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 1588	2432	rundll32.exe	28
PID 2432 wrote to memory of 1588	2432	rundll32.exe	28
PID 2432 wrote to memory of 1588	2432	rundll32.exe	28
PID 2432 wrote to memory of 1588	2432	rundll32.exe	28
PID 2432 wrote to memory of 1588	2432	rundll32.exe	28
PID 2432 wrote to memory of 1588	2432	rundll32.exe	28
PID 2432 wrote to memory of 1588	2432	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b6f2cc92d5397dff85936af7462fb7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b6f2cc92d5397dff85936af7462fb7.dll,#1
  2⤵
  PID:1588

memory/1588-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/1588-1-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download