30173f79b0cf20777a8e04488f1e17ef5eaffcecf6ac06886a34601ab32ea4b8

Analysis

max time kernel
140s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 19:39

Target

7b1afdcd687526b7cb3009cf49092c2b.dll
Size

42KB
MD5

7b1afdcd687526b7cb3009cf49092c2b
SHA1

9fafb574c497a128122e05d92b2a49d4d5028ff7
SHA256

30173f79b0cf20777a8e04488f1e17ef5eaffcecf6ac06886a34601ab32ea4b8
SHA512

dd4592492bd5c9c7859f72fa23a2c5cd6119c0e3b921e08f819c57bba92e00055dedc37a6c655775535beb90b138c8ebf4219493b58dc3062211f61000cfe34f
SSDEEP

768:LYGRuoIu0yRwBFL3VTiRbjdXgyAbYGgOGn/UrGmCafrnbcuyD7U3:MGRuJsEhmPwyotG/UaCrnouy83

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4560-0-0x0000000010000000-0x0000000010027000-memory.dmp	upx
behavioral2/memory/4560-1-0x0000000010000000-0x0000000010027000-memory.dmp	upx
behavioral2/memory/4560-6-0x0000000010000000-0x0000000010027000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3612 wrote to memory of 4560	3612	rundll32.exe	85
PID 3612 wrote to memory of 4560	3612	rundll32.exe	85
PID 3612 wrote to memory of 4560	3612	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b1afdcd687526b7cb3009cf49092c2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b1afdcd687526b7cb3009cf49092c2b.dll,#1
  2⤵
  PID:4560

memory/4560-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/4560-1-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download
memory/4560-6-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download