889634738c0d891bb7e10079d25c63d9a4322ee060b6d41c1f916cd73ff0d69e

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 09:11

Target

ae25cb52a85da03efcab27ac0b298a0d.dll
Size

38KB
MD5

ae25cb52a85da03efcab27ac0b298a0d
SHA1

55e876b65b0f918a4bef37e2832230cf082cd472
SHA256

889634738c0d891bb7e10079d25c63d9a4322ee060b6d41c1f916cd73ff0d69e
SHA512

c654ea10b172969b1a5c7f40524a8d59ee77388aaafb633e0040e18eca13c9ede5bf611f76cc57ed61f03533812ba73671e1c0fbc0a5dfb9f57bed51b42cabcb
SSDEEP

384:T3wlCaSjm6FoQCsSUh119knN0c/PdPZZzsblS9yhpmfN2YmKrCeyw7p9WzWTT7i:T3WC2QChUPG/VPrOS9yhpmNmlw3

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1932-0-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28
PID 1248 wrote to memory of 1932	1248	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae25cb52a85da03efcab27ac0b298a0d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae25cb52a85da03efcab27ac0b298a0d.dll,#1
  2⤵
  PID:1932

memory/1932-0-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download