9f1844569286f5e6a70d9d6df7f5093fe4a47a2cc524b222f355a1b101c94c8f

Analysis

max time kernel
113s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:53

Target

9f1844569286f5e6a70d9d6df7f5093fe4a47a2cc524b222f355a1b101c94c8f.dll
Size

73KB
MD5

7006b50afa637374e5a8c1d431e0e560
SHA1

956aaabb53c202ec60327dc84ea630baa2e2a512
SHA256

9f1844569286f5e6a70d9d6df7f5093fe4a47a2cc524b222f355a1b101c94c8f
SHA512

b7cf0fd138bf3411cff10075fe96fe559ca16cf7be9871aaea2fa51ee4608b9ce55c62ea78ea5c5c7e67e6fffdc284463be5e0218b01f620633e205cc57bf2d6
SSDEEP

1536:Zdsa99weHD53HleFnYrlAdIq21Ryba3I+w5o9Y2E/gkaQXNy:0MSejR4YRjq21I9+w5oOZaQXN

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3340-133-0x0000000010000000-0x000000001005E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 3340	4816	rundll32.exe	83
PID 4816 wrote to memory of 3340	4816	rundll32.exe	83
PID 4816 wrote to memory of 3340	4816	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f1844569286f5e6a70d9d6df7f5093fe4a47a2cc524b222f355a1b101c94c8f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f1844569286f5e6a70d9d6df7f5093fe4a47a2cc524b222f355a1b101c94c8f.dll,#1
  2⤵
  PID:3340

memory/3340-133-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download