e06febc91c109bf21ff9a276f9b6c39f81a5e43ca27dcb224c48273c43245c4f | Triage

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 19:02

Sharing

Report Analysis Logs

General

Target

cc2f2bf8ec2c74d7ba962e02886f01dc.dll
Size

213KB
MD5

cc2f2bf8ec2c74d7ba962e02886f01dc
SHA1

0f5223d38cbbd43e0b9ecac52b9a223397d85670
SHA256

e06febc91c109bf21ff9a276f9b6c39f81a5e43ca27dcb224c48273c43245c4f
SHA512

85105ccd3169dfb9b8e6d51363bd72ad6d15dc2a2dc82043bdbbcffb344d9df41175dc8f1cc064a3a72db65e7deb8f8d4dd29ed0bd8349bd79c9513285a634ce
SSDEEP

6144:8J37z0e6iaFNPPldDI8Xe4yp5ABb2FoS:8J3H0e1azOP7FoS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2252-0-0x0000000010000000-0x000000001007F000-memory.dmp	upx
behavioral1/memory/2252-1-0x0000000010000000-0x000000001007F000-memory.dmp	upx
behavioral1/memory/2252-2-0x0000000010000000-0x000000001007F000-memory.dmp	upx
behavioral1/memory/2252-3-0x0000000010000000-0x000000001007F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2252	1620	rundll32.exe	28
PID 1620 wrote to memory of 2252	1620	rundll32.exe	28
PID 1620 wrote to memory of 2252	1620	rundll32.exe	28
PID 1620 wrote to memory of 2252	1620	rundll32.exe	28
PID 1620 wrote to memory of 2252	1620	rundll32.exe	28
PID 1620 wrote to memory of 2252	1620	rundll32.exe	28
PID 1620 wrote to memory of 2252	1620	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc2f2bf8ec2c74d7ba962e02886f01dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc2f2bf8ec2c74d7ba962e02886f01dc.dll,#1
  2⤵
  PID:2252

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2252-0-0x0000000010000000-0x000000001007F000-memory.dmp

Filesize
508KB

Download
memory/2252-1-0x0000000010000000-0x000000001007F000-memory.dmp

Filesize
508KB

Download
memory/2252-2-0x0000000010000000-0x000000001007F000-memory.dmp

Filesize
508KB

Download
memory/2252-3-0x0000000010000000-0x000000001007F000-memory.dmp

Filesize
508KB

Download