2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd

Analysis

max time kernel
131s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 11:34

Target

2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd.dll
Size

76KB
MD5

6d1a21b0186a6456ab98de623eae7090
SHA1

9d259d0c11b9cf4beb3ee333bf80cba03c5961f2
SHA256

2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd
SHA512

11d50921a966d483b94bfacc78d9ba590b9c9572c56bdcd40895feb584d44c3f58af2926ea5223633f2b11d1c87de67569e683f2a2ec7a201085ab2b2387bef5
SSDEEP

768:LWSSEyJ8TxqriMgpMXr7MMiz57KHKgqaA3hgAAh3LYP0qiqunTEDeBuYopjE7COR:LWUa8criF6r7MM0O738PHyJAjjOkb

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1248-133-0x0000000075900000-0x0000000075915000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 1248	5052	rundll32.exe	81
PID 5052 wrote to memory of 1248	5052	rundll32.exe	81
PID 5052 wrote to memory of 1248	5052	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2db3b5c1f1dd0d686af727258200dbe4bd1584b5bb56bae7b7012d73cb56e0cd.dll,#1
  2⤵
  PID:1248

memory/1248-133-0x0000000075900000-0x0000000075915000-memory.dmp

Filesize
84KB

Download