e86a48ce4fc23cd42e5ab781e0a26f1b223e8f6674821d783e2358dff9485504

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 12:46

Target

538e91980c60adeee758af31f8c74596.dll
Size

71KB
MD5

538e91980c60adeee758af31f8c74596
SHA1

a8eb6d7b9839aeaa4a5b21d8f39620e8794463a6
SHA256

e86a48ce4fc23cd42e5ab781e0a26f1b223e8f6674821d783e2358dff9485504
SHA512

65fd20af7be69b5684af8310b56782777a94fc88dd4d9cfd74991db7be94ce4e2bf91854c1ec2bfee685c597cf9690814c24253018ad5be409e229f4dcfabf08
SSDEEP

1536:pMijQgmfIYSffPB4syyiYGK//nbyrbSJHNTblM0jkSTigbhHd:p5of5Cn3yyi7CzyrGpNq0jkSB

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2988-0-0x0000000010000000-0x0000000010034000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 2988	2932	rundll32.exe	15
PID 2932 wrote to memory of 2988	2932	rundll32.exe	15
PID 2932 wrote to memory of 2988	2932	rundll32.exe	15
PID 2932 wrote to memory of 2988	2932	rundll32.exe	15
PID 2932 wrote to memory of 2988	2932	rundll32.exe	15
PID 2932 wrote to memory of 2988	2932	rundll32.exe	15
PID 2932 wrote to memory of 2988	2932	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\538e91980c60adeee758af31f8c74596.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\538e91980c60adeee758af31f8c74596.dll,#1
  2⤵
  PID:2988

memory/2988-0-0x0000000010000000-0x0000000010034000-memory.dmp

Filesize
208KB

Download