d71ab1cde35a2006b336a837d5921b8d33703c3a1b48888b913f83c2d479d4fe

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 01:20

Target

d71ab1cde35a2006b336a837d5921b8d33703c3a1b48888b913f83c2d479d4fe.dll
Size

76KB
MD5

97321c943fdb0f415b43fffc634d4631
SHA1

7d97db98f80b023eaa7e0d3b519e07ad9d643368
SHA256

d71ab1cde35a2006b336a837d5921b8d33703c3a1b48888b913f83c2d479d4fe
SHA512

b82d93a85070ada550d6e348351b9f8161ddb234ea06b32b22f72ec4f77be827c1f8dcb54bcabc053c70809dc278adcae6015365c5181690ae611d1e2e712cf5
SSDEEP

1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZpvFQhXSIocoX15:c8y93KQjy7G55riF1cMo03fFXImr

Score

9^/10

upx

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral1/memory/2204-0-0x0000000010000000-0x0000000010030000-memory.dmp	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2204-0-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2204	1684	rundll32.exe	28
PID 1684 wrote to memory of 2204	1684	rundll32.exe	28
PID 1684 wrote to memory of 2204	1684	rundll32.exe	28
PID 1684 wrote to memory of 2204	1684	rundll32.exe	28
PID 1684 wrote to memory of 2204	1684	rundll32.exe	28
PID 1684 wrote to memory of 2204	1684	rundll32.exe	28
PID 1684 wrote to memory of 2204	1684	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d71ab1cde35a2006b336a837d5921b8d33703c3a1b48888b913f83c2d479d4fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d71ab1cde35a2006b336a837d5921b8d33703c3a1b48888b913f83c2d479d4fe.dll,#1
  2⤵
  PID:2204

memory/2204-0-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download