bdb91ce96b1ffd669b88fcdf52bf515af88721025d70d0b8a3a3d46d957ebe22

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 23:49

Target

75d48be4da8415d0f0e5f8043491e44b.dll
Size

37KB
MD5

75d48be4da8415d0f0e5f8043491e44b
SHA1

005cbddfbb2ca22017da91dd7f8e7d2f122e3a15
SHA256

bdb91ce96b1ffd669b88fcdf52bf515af88721025d70d0b8a3a3d46d957ebe22
SHA512

3f409e65c33f3c3aff618fdbd71d329d0ef5b5dcfc065a0c1b26be8227563137ceca31a5604c386d4d764a15109e0704b4a972ba1fafda3e05804383a2d0d24a
SSDEEP

768:5i0lKwWkQSdEHpeaTXM1HO529hwFGKFUuPfy/oAvcyLq5b9Cth51i0VXZ:vKFEmu4azcNi/7cvyu0VXZ

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2480-1-0x0000000010000000-0x0000000010033000-memory.dmp	upx
behavioral1/memory/2480-0-0x0000000010000000-0x0000000010033000-memory.dmp	upx
behavioral1/memory/2480-2-0x0000000010000000-0x0000000010033000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2480	2132	rundll32.exe	28
PID 2132 wrote to memory of 2480	2132	rundll32.exe	28
PID 2132 wrote to memory of 2480	2132	rundll32.exe	28
PID 2132 wrote to memory of 2480	2132	rundll32.exe	28
PID 2132 wrote to memory of 2480	2132	rundll32.exe	28
PID 2132 wrote to memory of 2480	2132	rundll32.exe	28
PID 2132 wrote to memory of 2480	2132	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\75d48be4da8415d0f0e5f8043491e44b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\75d48be4da8415d0f0e5f8043491e44b.dll,#1
  2⤵
  PID:2480

memory/2480-1-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/2480-0-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download
memory/2480-2-0x0000000010000000-0x0000000010033000-memory.dmp

Filesize
204KB

Download