193405f20090893023c38f5caf1c0fbb6e0bf3bf0fab0e5af090bfa1d3ece426

Analysis

max time kernel
159s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 14:07

Target

193405f20090893023c38f5caf1c0fbb6e0bf3bf0fab0e5af090bfa1d3ece426.dll
Size

355KB
MD5

6774115ea7bedb4270506d434d4534b0
SHA1

413ff61147978722f9691f8aba3a6000ee7cc84f
SHA256

193405f20090893023c38f5caf1c0fbb6e0bf3bf0fab0e5af090bfa1d3ece426
SHA512

9d3a5ad84e7e9f60620a9be5c812f056718fe523b0459f2e4696997c99122965939dafa73e73b01ffeeb05bda642f78391d8e49994ad2c788cdf0c28967277ab
SSDEEP

6144:lg1Tqx9KYn3am9j9p+c520cEugX3qKc1f/b8NnYT7/7ESd2Q:GZIKlS9kcgPQ01fDQs7Z

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4956-133-0x0000000000400000-0x00000000004F8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4956	5044	rundll32.exe	83
PID 5044 wrote to memory of 4956	5044	rundll32.exe	83
PID 5044 wrote to memory of 4956	5044	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\193405f20090893023c38f5caf1c0fbb6e0bf3bf0fab0e5af090bfa1d3ece426.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\193405f20090893023c38f5caf1c0fbb6e0bf3bf0fab0e5af090bfa1d3ece426.dll,#1
  2⤵
  PID:4956

memory/4956-133-0x0000000000400000-0x00000000004F8000-memory.dmp

Filesize
992KB

Download