27d0c5801f900f1f853aa25bf449fcc3c2446270c9146930c2fe49d5de42d5f4

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 00:46

Target

734b0a501b84029466cd5de3cb94a4f8.dll
Size

36KB
MD5

734b0a501b84029466cd5de3cb94a4f8
SHA1

ef07ee3fb07b2ec142708e93b7183b41065ec65e
SHA256

27d0c5801f900f1f853aa25bf449fcc3c2446270c9146930c2fe49d5de42d5f4
SHA512

f56b7608eeb9852df3c3610b49819de8b44f7253e92d3cb5c3a368cf77c099ee291ad9bf3bcb50a339c38bb33206a239d896388460bb82f90e73ab9ee258468b
SSDEEP

768:n7S7ILNPpMSqUCA+AJBMJkrWykpw6RlWfXa7zojXMjk67Jj7e:n7ZLNPp9pZBM4WyaG7jMQ67Z7e

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2124-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx
behavioral1/memory/2124-1-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 2124	1352	rundll32.exe	28
PID 1352 wrote to memory of 2124	1352	rundll32.exe	28
PID 1352 wrote to memory of 2124	1352	rundll32.exe	28
PID 1352 wrote to memory of 2124	1352	rundll32.exe	28
PID 1352 wrote to memory of 2124	1352	rundll32.exe	28
PID 1352 wrote to memory of 2124	1352	rundll32.exe	28
PID 1352 wrote to memory of 2124	1352	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\734b0a501b84029466cd5de3cb94a4f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\734b0a501b84029466cd5de3cb94a4f8.dll,#1
  2⤵
  PID:2124

memory/2124-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download
memory/2124-1-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download