7c43118eedc1579312d4c7e50c865d9042cf514370c7e1cefc3d23d892ba0a91

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 17:01

Target

b7ea69fd260856edc0f2d79105da0c75.dll
Size

40KB
MD5

b7ea69fd260856edc0f2d79105da0c75
SHA1

fc863567e5950edc07e69feafa37a356b4a2c3ab
SHA256

7c43118eedc1579312d4c7e50c865d9042cf514370c7e1cefc3d23d892ba0a91
SHA512

4536488a7ab5cde1f801059dae14af2ecbe502ee10f0e902d5bc285508b8b9319f0d24694819c05b7ff2d7877c4efacb19f6cd362699827ed7c0c83338043a24
SSDEEP

768:B33wfvZ3zw40tiK1MoAyfRtzU6LydEH56gKLO5dQnbcuyD7Ue:VgBzwUEMhyfzPydEH56zOwnouy8

Score

7^/10

upx

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2232-0-0x0000000010000000-0x0000000010025000-memory.dmp	upx
behavioral1/memory/2232-1-0x0000000010000000-0x0000000010025000-memory.dmp	upx
behavioral1/memory/2232-2-0x0000000010000000-0x0000000010025000-memory.dmp	upx
behavioral1/memory/2232-3-0x0000000010000000-0x0000000010025000-memory.dmp	upx
behavioral1/memory/2232-8-0x0000000010000000-0x0000000010025000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2232	2204	rundll32.exe	28
PID 2204 wrote to memory of 2232	2204	rundll32.exe	28
PID 2204 wrote to memory of 2232	2204	rundll32.exe	28
PID 2204 wrote to memory of 2232	2204	rundll32.exe	28
PID 2204 wrote to memory of 2232	2204	rundll32.exe	28
PID 2204 wrote to memory of 2232	2204	rundll32.exe	28
PID 2204 wrote to memory of 2232	2204	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7ea69fd260856edc0f2d79105da0c75.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7ea69fd260856edc0f2d79105da0c75.dll,#1
  2⤵
  PID:2232

memory/2232-0-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/2232-1-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/2232-2-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/2232-3-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/2232-8-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download