06d07c519d0e2625a164bb133a434e1b2fb808d0692e7dacf651b0a5d3762cdc

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 07:31

Target

40439f6aa4a154b4ad46f48ac8b566f4.dll
Size

103KB
MD5

40439f6aa4a154b4ad46f48ac8b566f4
SHA1

17ad391eada78dfc45f562feaf638b4e2c9b2afe
SHA256

06d07c519d0e2625a164bb133a434e1b2fb808d0692e7dacf651b0a5d3762cdc
SHA512

35bc83b6e59e426f702355dcf1521d55f53b25cf2cedd63a8ac2043be12eeaacc9ca6b94ee21f9fedf38d80818564e066baee36c7ab9c9b3cbc8386b85ce3002
SSDEEP

1536:i64W3b/+sHTUxLuFNBwdNO82jWHAnRrUqpvEdVBrTHKLaj92k+:1b/+sHrBVNflqVB/HRZE

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2356-0-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2356	2672	rundll32.exe	28
PID 2672 wrote to memory of 2356	2672	rundll32.exe	28
PID 2672 wrote to memory of 2356	2672	rundll32.exe	28
PID 2672 wrote to memory of 2356	2672	rundll32.exe	28
PID 2672 wrote to memory of 2356	2672	rundll32.exe	28
PID 2672 wrote to memory of 2356	2672	rundll32.exe	28
PID 2672 wrote to memory of 2356	2672	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40439f6aa4a154b4ad46f48ac8b566f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40439f6aa4a154b4ad46f48ac8b566f4.dll,#1
  2⤵
  PID:2356

memory/2356-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2356-1-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2356-2-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download