73f8ccc669eaf632353502bcbae107d758dfe698788f704911999be226482d0a | Triage

Analysis

max time kernel
122s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 18:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

c4189e1bc2877fcbec5e328ad024a5d6.dll
Size

16KB
MD5

c4189e1bc2877fcbec5e328ad024a5d6
SHA1

80b0ebf0d78e58834d953ba1ae1a9ac633937ab8
SHA256

73f8ccc669eaf632353502bcbae107d758dfe698788f704911999be226482d0a
SHA512

897e8b28e52c53c92c5ab5305341385309e76f17f5e9e53c2b6ba2e1bf51d423e32baffe44250d4ed353082a6f29b220c59e5b109526efdd1477bef8b6648f77
SSDEEP

384:dsC8m+bCxtLNTvVO7/FKG0yqNxLEaCg1SSwo:dskTNTvGsGKf

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1952-0-0x0000000000230000-0x0000000000241000-memory.dmp	upx
behavioral1/memory/1952-1-0x0000000000230000-0x0000000000241000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 1952	2484	rundll32.exe	28
PID 2484 wrote to memory of 1952	2484	rundll32.exe	28
PID 2484 wrote to memory of 1952	2484	rundll32.exe	28
PID 2484 wrote to memory of 1952	2484	rundll32.exe	28
PID 2484 wrote to memory of 1952	2484	rundll32.exe	28
PID 2484 wrote to memory of 1952	2484	rundll32.exe	28
PID 2484 wrote to memory of 1952	2484	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4189e1bc2877fcbec5e328ad024a5d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c4189e1bc2877fcbec5e328ad024a5d6.dll,#1
  2⤵
  PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1952-0-0x0000000000230000-0x0000000000241000-memory.dmp

Filesize
68KB

Download
memory/1952-1-0x0000000000230000-0x0000000000241000-memory.dmp

Filesize
68KB

Download