3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:20

Target

3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll
Size

572KB
MD5

c6c8ac637b64b7a5013de464d8e32308
SHA1

5e128ea3f5bb943f6edec3e6e9e42d739652e0f8
SHA256

3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f
SHA512

2d19dffa7301f11ccde14c85f9ae88a6fcefad552b84890bfce804c3d61f2eda8efd3ae2a7bbdd015cdec8ff8963a988b14f0dcf4ab9d43782315c35f4f27d6e
SSDEEP

6144:5uRydcGid80GZydrXAjoiWCFAviiJy59qsfnd9idBWqpivTaZbNbySno/xn8CGGC:5uRyvidfd0oRoueCMlC+/tgr

Score

9^/10

upx

UPX dump on OEP (original entry point) 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/2304-2-0x00000000745E0000-0x00000000745F7000-memory.dmp	UPX
behavioral1/memory/2304-0-0x00000000745D0000-0x00000000745E7000-memory.dmp	UPX

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral1/memory/2304-2-0x00000000745E0000-0x00000000745F7000-memory.dmp	upx
behavioral1/memory/2304-0-0x00000000745D0000-0x00000000745E7000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2292 wrote to memory of 2304	2292	rundll32.exe	rundll32.exe
PID 2292 wrote to memory of 2304	2292	rundll32.exe	rundll32.exe
PID 2292 wrote to memory of 2304	2292	rundll32.exe	rundll32.exe
PID 2292 wrote to memory of 2304	2292	rundll32.exe	rundll32.exe
PID 2292 wrote to memory of 2304	2292	rundll32.exe	rundll32.exe
PID 2292 wrote to memory of 2304	2292	rundll32.exe	rundll32.exe
PID 2292 wrote to memory of 2304	2292	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3982681ae0c7a6eb1f82c28ec0ed02c237de0b1dbd6e298c9a786c68427f4e0f.dll,#1
2⤵
PID:2304

memory/2304-2-0x00000000745E0000-0x00000000745F7000-memory.dmp

Filesize
92KB

Download
memory/2304-1-0x00000000745C0000-0x00000000745D7000-memory.dmp

Filesize
92KB

Download
memory/2304-0-0x00000000745D0000-0x00000000745E7000-memory.dmp

Filesize
92KB

Download