a650c4357227b0fd8ba6cd6dc3a9fb0b53812ee8caa79544f419add2b653bdfb

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/06/2024, 12:28

Target

VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll
Size

148KB
MD5

1b266f23cab5ae881ca35344e86c3ef0
SHA1

02fd7e7c00c2bea42541ff3043641a4e655d7299
SHA256

a650c4357227b0fd8ba6cd6dc3a9fb0b53812ee8caa79544f419add2b653bdfb
SHA512

54c5e5418eecb6cb2ad213287cd9211f3cde6cd72b75ec50c499c7f27ec3a737f2ff4c8876359001317f1d8de507a5a24855aba78b0728493b2680b319d6435a
SSDEEP

3072:IjlVttNwkVCmq+UyCcGuCu/YFzH5h95OEbzk:IJVDNFCuCmLYFzvPOEU

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2884-1-0x00000000001E0000-0x0000000000213000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2884	2868	rundll32.exe	28
PID 2868 wrote to memory of 2884	2868	rundll32.exe	28
PID 2868 wrote to memory of 2884	2868	rundll32.exe	28
PID 2868 wrote to memory of 2884	2868	rundll32.exe	28
PID 2868 wrote to memory of 2884	2868	rundll32.exe	28
PID 2868 wrote to memory of 2884	2868	rundll32.exe	28
PID 2868 wrote to memory of 2884	2868	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll,#1
  2⤵
  PID:2884

memory/2884-0-0x00000000001ED000-0x00000000001F0000-memory.dmp

Filesize
12KB

Download
memory/2884-1-0x00000000001E0000-0x0000000000213000-memory.dmp

Filesize
204KB

Download