85e0b8a5e424eb9a20e6aa5af011f139419055376ceb49279e074251e480b4a3

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
28-05-2024 23:24

Target

85e0b8a5e424eb9a20e6aa5af011f139419055376ceb49279e074251e480b4a3.dll
Size

76KB
MD5

147930c5952684ca8aba0510b327c8ab
SHA1

ba81df84fdd51652a2f9643d57263c2a72cb0196
SHA256

85e0b8a5e424eb9a20e6aa5af011f139419055376ceb49279e074251e480b4a3
SHA512

bf45c6065c3848e0eab128b80d3e6e39158a3249600ada3d6958c6f6034235b0dbb93f2c6356b4c729ed48372496a0762bfbaa8f7bd414d6f3dc2599c4438ccf
SSDEEP

1536:YjV8y93KQpFQmPLRk7G50zy/riF12jvRyo0hQk7ZnIOjO7ef:c8y93KQjy7G55riF1cMo03NIMf

Score

9^/10

upx

UPX dump on OEP (original entry point) 2 IoCs

resource	yara_rule
behavioral1/memory/1288-0-0x0000000010000000-0x0000000010030000-memory.dmp	UPX
behavioral1/memory/1288-2-0x0000000010000000-0x0000000010030000-memory.dmp	UPX

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1288-0-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/1288-2-0x0000000010000000-0x0000000010030000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1288	2320	rundll32.exe	28
PID 2320 wrote to memory of 1288	2320	rundll32.exe	28
PID 2320 wrote to memory of 1288	2320	rundll32.exe	28
PID 2320 wrote to memory of 1288	2320	rundll32.exe	28
PID 2320 wrote to memory of 1288	2320	rundll32.exe	28
PID 2320 wrote to memory of 1288	2320	rundll32.exe	28
PID 2320 wrote to memory of 1288	2320	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\85e0b8a5e424eb9a20e6aa5af011f139419055376ceb49279e074251e480b4a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\85e0b8a5e424eb9a20e6aa5af011f139419055376ceb49279e074251e480b4a3.dll,#1
  2⤵
  PID:1288

memory/1288-0-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/1288-2-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download