334016e3fe9fb36f0cdc1eaec4f51ca191aebec843295bfca1f61bfbe46bf40a | Triage

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 16:11

Sharing

Report Analysis Logs

General

Target

74f0cd14eb9394e831419c362bb123fa.dll
Size

67KB
MD5

74f0cd14eb9394e831419c362bb123fa
SHA1

a1be3a910a57fe3c22ce3f9653757f1ec1001616
SHA256

334016e3fe9fb36f0cdc1eaec4f51ca191aebec843295bfca1f61bfbe46bf40a
SHA512

6f0baae4c91611ffedd03ccd16a75c989784f01d4b60ba66b09fb5419d6b9d3ae9633a56da294f8f61bd55be9b6c4edaaaaa7bf64d8c7439946cff30b00ac4cb
SSDEEP

1536:Bm1NGJVGtZL9oKVaMLiAxLoS4nvIHL6zKzOyTbAB:kX0ViZL1aMNdQwHL6zKOgS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2512-0-0x0000000010000000-0x0000000010013000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2180 wrote to memory of 2512	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2512	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2512	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2512	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2512	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2512	2180	rundll32.exe	rundll32.exe
PID 2180 wrote to memory of 2512	2180	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f0cd14eb9394e831419c362bb123fa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74f0cd14eb9394e831419c362bb123fa.dll,#1
2⤵
PID:2512

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2512-0-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download