052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b

Analysis

max time kernel
158s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:28

Target

052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b.dll
Size

77KB
MD5

668f0873e5a15a6cbebf15f974c0a529
SHA1

997bb67066b2e8ebf7cdcf0dfdec92306a318b47
SHA256

052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b
SHA512

082b5d258b27d397e51bd493ea7540eb98af988fc285ecb192be4a4f6fd220d6413f4d828aaba4c5209deb842a5dfc0424db38bdca27b0d566aba426e900e879
SSDEEP

1536:NAN0qdEsXpYB0MtPK3Hy2c8iVGtJwWh95GVoJGncxnm7Td4cPp:NW0qdPXpYVK3HfriAFX5Gakchm7Tycp

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/396-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 396	2224	rundll32.exe	79
PID 2224 wrote to memory of 396	2224	rundll32.exe	79
PID 2224 wrote to memory of 396	2224	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\052c95df0c6e6d43b851a4a95d72e6bff405e85d3cc12f03935dadbd1924660b.dll,#1
  2⤵
  PID:396

memory/396-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download