54bb19d9608d11a4849f932e0a4fd54055cdbeffe6d99625597657d14d0cbc29 | Triage

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 20:40

Sharing

Report Analysis Logs

General

Target

d.dll
Size

33KB
MD5

638a6f2b03c828e9b3c77c104c56f4ea
SHA1

ec1d56a6530a3004aa49d748a9c8385801cf0029
SHA256

8e2db43518297a45d664dcaaf6ee29a93e8cb9ea28e5fff96324628f74871fda
SHA512

b8c943cc17ab646546ba7f6ccd9246f6e3bde665a450932d40ab418fd36421cbf00385e8e1074e4e2477a6abb2e343f4cd1bd312bd6200601a8cddf572579609
SSDEEP

384:rydxlutNDYbeTOf0sZfkEuHn8j/eGJldIUwWg3a4TjNADTmLJZORk112zifNtizt:eDmca+G8vwWg3aeWXaJn/FSt

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral5/memory/2216-0-0x0000000010000000-0x000000001001A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2216	2544	rundll32.exe	28
PID 2544 wrote to memory of 2216	2544	rundll32.exe	28
PID 2544 wrote to memory of 2216	2544	rundll32.exe	28
PID 2544 wrote to memory of 2216	2544	rundll32.exe	28
PID 2544 wrote to memory of 2216	2544	rundll32.exe	28
PID 2544 wrote to memory of 2216	2544	rundll32.exe	28
PID 2544 wrote to memory of 2216	2544	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d.dll,#1
  2⤵
  PID:2216

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2216-0-0x0000000010000000-0x000000001001A000-memory.dmp

Filesize
104KB

Download