029c12feaeb4fb171164e994999a81892237a83079726d0ae11cd68a5c94a4b0

Analysis

max time kernel
105s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:35

Target

029c12feaeb4fb171164e994999a81892237a83079726d0ae11cd68a5c94a4b0.dll
Size

61KB
MD5

71c7d3c0e820a6388630a119fd0b3c33
SHA1

a36124ec46d89545621206336e8405ba005c8f5f
SHA256

029c12feaeb4fb171164e994999a81892237a83079726d0ae11cd68a5c94a4b0
SHA512

3eb5d43adccf516b7599b0b22b4fe59f1cc882f58c436aa18c39ee690649e415718c56e7e9ca34de16281fe2e3cdf016336d8b4cbc0a5b010977171bc91b1a82
SSDEEP

768:Gx4m7JNSll3dTG+RoWsVtiIfHLbi/zsE1fnJi0cFOR3z7Xgr++c4p+unB2:Bm1NGJVG5VVEIusEdnSF+3z7QrjcyZ2

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4896-133-0x0000000010000000-0x0000000010013000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 4896	4872	rundll32.exe	81
PID 4872 wrote to memory of 4896	4872	rundll32.exe	81
PID 4872 wrote to memory of 4896	4872	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\029c12feaeb4fb171164e994999a81892237a83079726d0ae11cd68a5c94a4b0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4872
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\029c12feaeb4fb171164e994999a81892237a83079726d0ae11cd68a5c94a4b0.dll,#1
  2⤵
  PID:4896

memory/4896-133-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download