25fd91a15be4ff0e4be53832f11bd1695e058040c25bdfcc858cf6ff1d3b7cae

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 10:24

Target

71fbaa8782511b89857c4f5062faea5d.dll
Size

81KB
MD5

71fbaa8782511b89857c4f5062faea5d
SHA1

5807eab0c812518d6f00da79f0d858fdb7f9fc1c
SHA256

25fd91a15be4ff0e4be53832f11bd1695e058040c25bdfcc858cf6ff1d3b7cae
SHA512

13e56c6840bd42e73a2e28612217b2a76859ea72210f1d4b8f8dc7f83db7c7eac6430bdf9014817eeb2ff0fc61657e772cfcd6efa7828ed0f6af3f6f31c56304
SSDEEP

1536:Bm1NGJVG4up3J1vh/ExywiP+mUtVg6XQotL70WWpaDMhaaz5du3XH49jU:kX0VnupNgEHUtVXTvWp2wnjqH4FU

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2284-0-0x0000000010000000-0x0000000010013000-memory.dmp	upx
behavioral1/memory/2284-1-0x0000000010000000-0x0000000010013000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2284	2092	rundll32.exe	17
PID 2092 wrote to memory of 2284	2092	rundll32.exe	17
PID 2092 wrote to memory of 2284	2092	rundll32.exe	17
PID 2092 wrote to memory of 2284	2092	rundll32.exe	17
PID 2092 wrote to memory of 2284	2092	rundll32.exe	17
PID 2092 wrote to memory of 2284	2092	rundll32.exe	17
PID 2092 wrote to memory of 2284	2092	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71fbaa8782511b89857c4f5062faea5d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\71fbaa8782511b89857c4f5062faea5d.dll,#1
  2⤵
  PID:2284

memory/2284-0-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2284-1-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download