d690a7eb3359dbae991ead8a05c98122a07ae2f0099a5e8d3ede621618efaa7f | Triage

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 08:27

Sharing

Report Analysis Logs

General

Target

c2e8ccc9cae23df63a356a9e3f4de38b.dll
Size

936KB
MD5

c2e8ccc9cae23df63a356a9e3f4de38b
SHA1

74033310e578677dedd8e4cc261d8c1e39bf2250
SHA256

d690a7eb3359dbae991ead8a05c98122a07ae2f0099a5e8d3ede621618efaa7f
SHA512

6d40995e6cbd6ab39ac6d98f26a0283fa8d78649eca945af308d5b782db3ea88be971640b446dcf2e41028db6331029eea16aaf6e057ecda8d3665f0b9241785
SSDEEP

24576:3MFLNwSYWmfI5YvXDfHhudEEhZTkYwiRZMG/h67:BIG/NudE6TdDMG/h

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2196-0-0x0000000000C20000-0x0000000000F01000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28
PID 1632 wrote to memory of 2196	1632	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2e8ccc9cae23df63a356a9e3f4de38b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2e8ccc9cae23df63a356a9e3f4de38b.dll,#1
  2⤵
  PID:2196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2196-1-0x0000000000C20000-0x0000000000F01000-memory.dmp

Filesize
2.9MB

Download
memory/2196-0-0x0000000000C20000-0x0000000000F01000-memory.dmp

Filesize
2.9MB

Download
memory/2196-4-0x0000000000B40000-0x0000000000B44000-memory.dmp

Filesize
16KB

Download
memory/2196-3-0x0000000000C20000-0x0000000000F01000-memory.dmp

Filesize
2.9MB

Download