2fa89fc522f2a992343aa2799404fe682177cd6ffd8bc4b5fcbf62cfc285103a | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 23:33

Sharing

Report Analysis Logs

General

Target

6652fe203a1730d837bb00270afb212f.dll
Size

34KB
MD5

6652fe203a1730d837bb00270afb212f
SHA1

434a506ac0c21dea688c9be6e0e9de06077c932b
SHA256

2fa89fc522f2a992343aa2799404fe682177cd6ffd8bc4b5fcbf62cfc285103a
SHA512

891f55a089507e9535177e47f4af2cc910e5ef9341d01f2702c10ed14e0abc8c128ade018f10e22804718ba5f8ba6d7ff03e819ef7699f7aec50d3d32b4324db
SSDEEP

768:dh2apTenhq5FKoaRLwYJeSh9Z21EB9WQFrm:dQvnI5FKo0Lwwes9ZqKnFi

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3032-1-0x0000000010000000-0x000000001001A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 3032	2720	rundll32.exe	28
PID 2720 wrote to memory of 3032	2720	rundll32.exe	28
PID 2720 wrote to memory of 3032	2720	rundll32.exe	28
PID 2720 wrote to memory of 3032	2720	rundll32.exe	28
PID 2720 wrote to memory of 3032	2720	rundll32.exe	28
PID 2720 wrote to memory of 3032	2720	rundll32.exe	28
PID 2720 wrote to memory of 3032	2720	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6652fe203a1730d837bb00270afb212f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6652fe203a1730d837bb00270afb212f.dll,#1
  2⤵
  PID:3032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3032-0-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download
memory/3032-1-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download