cb79b1ecf9cdb4b5a2d0b10a2beda2be8ca35efd03e850e70b00064ced62d137

Analysis

max time kernel
88s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2022 21:30

Target

cb79b1ecf9cdb4b5a2d0b10a2beda2be8ca35efd03e850e70b00064ced62d137.dll
Size

7KB
MD5

248563ea2e2e8e222acb626e7800af62
SHA1

bd892b0bea30780a6fefc5bbb1d04e8cbe6c5400
SHA256

cb79b1ecf9cdb4b5a2d0b10a2beda2be8ca35efd03e850e70b00064ced62d137
SHA512

657667cc12c19d2635d40338bdfacf33c4c756b957a33bf33c6c919e24f47ac25a7930949b4c662dd51e64fa7a27bc6b67d0cd651068bf66c5e2051bcb748a13
SSDEEP

96:Xc7llOkyJmOpniWaMUS0suyemgf7XRKpUMdQs2UcHX59nk7hL5YWYlYWw+:4lOdYyM6uz7RKH6HX5RuhSW/Wp

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1000-133-0x0000000010000000-0x000000001000A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4436 wrote to memory of 1000	4436	rundll32.exe	56
PID 4436 wrote to memory of 1000	4436	rundll32.exe	56
PID 4436 wrote to memory of 1000	4436	rundll32.exe	56

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb79b1ecf9cdb4b5a2d0b10a2beda2be8ca35efd03e850e70b00064ced62d137.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb79b1ecf9cdb4b5a2d0b10a2beda2be8ca35efd03e850e70b00064ced62d137.dll,#1
  2⤵
  PID:1000

memory/1000-133-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download