a53aa04b53fc9f62139ecd48491cd8a4f75b169e002e1b9548af9ebcf25d3996 | Triage

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 11:59 UTC

Sharing

Report Analysis Logs

General

Target

3ccc5916aef9c8fe20fcf5f01e64ca75.dll
Size

64KB
MD5

3ccc5916aef9c8fe20fcf5f01e64ca75
SHA1

9b794d1e0b40a0c09192a52f3bc0ea4131273166
SHA256

a53aa04b53fc9f62139ecd48491cd8a4f75b169e002e1b9548af9ebcf25d3996
SHA512

f7152bbe0a6ba504bd9e4a442c3f73d7a31e341b70bac38bac3fae593ff51b5c814ebe3b879f2788ed38e70f03a6d09cfb7c660ab49979a5bc8a7594968e0ebd
SSDEEP

1536:yHZiFKzQrBD66s7IVDvXymAan3i3cPC+Xj:yHMFKzQrermA2dj

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3028-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3028	2928	rundll32.exe	16
PID 2928 wrote to memory of 3028	2928	rundll32.exe	16
PID 2928 wrote to memory of 3028	2928	rundll32.exe	16
PID 2928 wrote to memory of 3028	2928	rundll32.exe	16
PID 2928 wrote to memory of 3028	2928	rundll32.exe	16
PID 2928 wrote to memory of 3028	2928	rundll32.exe	16
PID 2928 wrote to memory of 3028	2928	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ccc5916aef9c8fe20fcf5f01e64ca75.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ccc5916aef9c8fe20fcf5f01e64ca75.dll,#1
  2⤵
  PID:3028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3028-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download
memory/3028-1-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download