b626c1be67fc0db6a513accf8086cd0e4ec9535d5af0b20b3cba3d826518350f

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 18:11

Target

8fd11713125c12165a446ce0d613837e.dll
Size

16KB
MD5

8fd11713125c12165a446ce0d613837e
SHA1

42dcc319ff4f1e0f83ab4c9dba391d7b67b3e699
SHA256

b626c1be67fc0db6a513accf8086cd0e4ec9535d5af0b20b3cba3d826518350f
SHA512

a3aeffa8d909da1b71e60851b93a0257a4f25bd7639859fa8c36083481b3be686dfa134a3c910cc770fd74b2cb04627aafdb5b1e7c8f4971a612b5a8fc338135
SSDEEP

384:0dt3gcz32OzZXKn7XpTnw4yeGixMs4PzfrlfiLI0c0orgz:GtwczTZ6nzh33CfZa9c0N

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2328-2-0x00000000752A0000-0x00000000752AF000-memory.dmp	upx
behavioral1/memory/2328-1-0x00000000752A0000-0x00000000752AF000-memory.dmp	upx
behavioral1/memory/2328-5-0x00000000752A0000-0x00000000752AF000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 2328	1064	rundll32.exe	28
PID 1064 wrote to memory of 2328	1064	rundll32.exe	28
PID 1064 wrote to memory of 2328	1064	rundll32.exe	28
PID 1064 wrote to memory of 2328	1064	rundll32.exe	28
PID 1064 wrote to memory of 2328	1064	rundll32.exe	28
PID 1064 wrote to memory of 2328	1064	rundll32.exe	28
PID 1064 wrote to memory of 2328	1064	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd11713125c12165a446ce0d613837e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd11713125c12165a446ce0d613837e.dll,#1
  2⤵
  PID:2328

memory/2328-2-0x00000000752A0000-0x00000000752AF000-memory.dmp

Filesize
60KB

Download
memory/2328-1-0x00000000752A0000-0x00000000752AF000-memory.dmp

Filesize
60KB

Download
memory/2328-4-0x0000000075280000-0x000000007528F000-memory.dmp

Filesize
60KB

Download
memory/2328-3-0x0000000075290000-0x000000007529F000-memory.dmp

Filesize
60KB

Download
memory/2328-5-0x00000000752A0000-0x00000000752AF000-memory.dmp

Filesize
60KB

Download
memory/2328-6-0x00000000752A0000-0x00000000752AF000-memory.dmp

Filesize
60KB

Download