55f6642d0266b266bc114abca8cc094caf819cb844392138a2ec5e9ef72082c9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 18:37

Target

7538c4c56b8e6b9ebaf7c04b08d45d41.dll
Size

60KB
MD5

7538c4c56b8e6b9ebaf7c04b08d45d41
SHA1

6fc735e9499208d1a7f057cf6916b169d2e50412
SHA256

55f6642d0266b266bc114abca8cc094caf819cb844392138a2ec5e9ef72082c9
SHA512

cbcadaf0320332c0f8015cdfa144d7df7066800542d2bcf10e1e11b0f6bfcb60847298292dee3bd58e35935cf3c67cddbea08175f790f3c11b5d9d9fbd1ebff5
SSDEEP

768:R73xlB/LOtoioTr51Qnsjo/SkfgS29FpTPnkp4uN6sBvD17x6PvbYUds64UDUC9P:R75vr51oio09fPnkSuXQkUdsWnQy

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2724-0-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2724	2792	rundll32.exe	10
PID 2792 wrote to memory of 2724	2792	rundll32.exe	10
PID 2792 wrote to memory of 2724	2792	rundll32.exe	10
PID 2792 wrote to memory of 2724	2792	rundll32.exe	10
PID 2792 wrote to memory of 2724	2792	rundll32.exe	10
PID 2792 wrote to memory of 2724	2792	rundll32.exe	10
PID 2792 wrote to memory of 2724	2792	rundll32.exe	10

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7538c4c56b8e6b9ebaf7c04b08d45d41.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7538c4c56b8e6b9ebaf7c04b08d45d41.dll,#1
  2⤵
  PID:2724

memory/2724-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download