524add836a7b9e2d50c7c2202408f7f850f3f98bad11bd9466a62aa59eccef97

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 15:01

Target

412b2a2cbeee0edb30d7b3ec3711b0bc.dll
Size

95KB
MD5

412b2a2cbeee0edb30d7b3ec3711b0bc
SHA1

219fcc3fe9e4b6abeda335b414e46310b29bd583
SHA256

524add836a7b9e2d50c7c2202408f7f850f3f98bad11bd9466a62aa59eccef97
SHA512

5c4d05717751090f0aff64ebdec2a607fd5850c2a012600d59cba17d524db545556f4c6c9ee1d5404982dc108fd33228e518287d4232863bc8b95d5af130f8cd
SSDEEP

1536:Xrj2DTisS3kalQBa+jbB67uvrcMi1d7BThpbDE3R7CiprrRju:v2DTv1alQBnUiv0DTHbDUR7C+I

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2760-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2760	2040	rundll32.exe	16
PID 2040 wrote to memory of 2760	2040	rundll32.exe	16
PID 2040 wrote to memory of 2760	2040	rundll32.exe	16
PID 2040 wrote to memory of 2760	2040	rundll32.exe	16
PID 2040 wrote to memory of 2760	2040	rundll32.exe	16
PID 2040 wrote to memory of 2760	2040	rundll32.exe	16
PID 2040 wrote to memory of 2760	2040	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\412b2a2cbeee0edb30d7b3ec3711b0bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\412b2a2cbeee0edb30d7b3ec3711b0bc.dll,#1
  2⤵
  PID:2760

memory/2760-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download