86adf8595c1868d3bc922390b9656322f5130b8e72d8bc3744c96fb99dd4e145

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 11:18

Target

c33a0ee4396f47a33cefadf1eece6bfb.dll
Size

87KB
MD5

c33a0ee4396f47a33cefadf1eece6bfb
SHA1

ce8824824a7c9921acb13bb3f781775a927b5b1a
SHA256

86adf8595c1868d3bc922390b9656322f5130b8e72d8bc3744c96fb99dd4e145
SHA512

b33be95391e36ff46920c57028bdd58db61dbd63cdc6c3642cc8d9e7b35d8e59e4a2ecf338980339a11e3a79ebea6c84c3de8050ebba538823bbdb22c0a73f36
SSDEEP

1536:9kos6aUuTHQSwEUWqhFyJ42/Ee6r39shnYCdLP7vK0rhDNDfiU+BWHOiU6IlS7NH:8VFTwpa/V6rtshnThP7vK0r9pdOWq8NH

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2700-0-0x0000000010000000-0x0000000010025000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2700	1908	rundll32.exe	28
PID 1908 wrote to memory of 2700	1908	rundll32.exe	28
PID 1908 wrote to memory of 2700	1908	rundll32.exe	28
PID 1908 wrote to memory of 2700	1908	rundll32.exe	28
PID 1908 wrote to memory of 2700	1908	rundll32.exe	28
PID 1908 wrote to memory of 2700	1908	rundll32.exe	28
PID 1908 wrote to memory of 2700	1908	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c33a0ee4396f47a33cefadf1eece6bfb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c33a0ee4396f47a33cefadf1eece6bfb.dll,#1
  2⤵
  PID:2700

memory/2700-0-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/2700-1-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download