0a2e82566208a8504f8bf743b2ec9a11ed11897aad81d36cc5f633ceb88ee1b4 | Triage

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 02:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

52504d7e4e58a87281b8058b0630a985.dll
Size

49KB
MD5

52504d7e4e58a87281b8058b0630a985
SHA1

5c1d368587958a714883c01aa293147ff37c1d95
SHA256

0a2e82566208a8504f8bf743b2ec9a11ed11897aad81d36cc5f633ceb88ee1b4
SHA512

535fd2632a32776efcf0b8b2e47a034734a8e934edf6c34b147291c54adabcf2c5ae2fb90d979471f152a37465f8195c4bb2c992d27d10fa8e06d5ee92431d96
SSDEEP

1536:anRkFEO5rM//vDavJBzeY2rP1ZZaFmIysN2II:aRkbrM//bmJpToe8P4I

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1944-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 1944	2052	rundll32.exe	28
PID 2052 wrote to memory of 1944	2052	rundll32.exe	28
PID 2052 wrote to memory of 1944	2052	rundll32.exe	28
PID 2052 wrote to memory of 1944	2052	rundll32.exe	28
PID 2052 wrote to memory of 1944	2052	rundll32.exe	28
PID 2052 wrote to memory of 1944	2052	rundll32.exe	28
PID 2052 wrote to memory of 1944	2052	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52504d7e4e58a87281b8058b0630a985.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52504d7e4e58a87281b8058b0630a985.dll,#1
  2⤵
  PID:1944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download