343221990315b1bb2bb87c887d531d5b738b8d6e62abae0560b4e2400f4462eb

Analysis

max time kernel
81s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 10:59

Target

343221990315b1bb2bb87c887d531d5b738b8d6e62abae0560b4e2400f4462eb.dll
Size

77KB
MD5

63cb6ee78a872c9fb1b6a564f16032f6
SHA1

5d7f091be134c232a4b97cb2e0d74a12cd37f81c
SHA256

343221990315b1bb2bb87c887d531d5b738b8d6e62abae0560b4e2400f4462eb
SHA512

e570613c33023ced863e09a6841634d920e5d04931038a70f62f6c6483fb1d2ebc408bcbbf7395f86964f8fda3ca6b581db5d15cf0d0a0469daf99f0433b83c1
SSDEEP

1536:yl3E0TzOsWhx++NGDVbyrEfL/NsT1MQv6A/J3JvWuYe2JViKAWj:E396+gY/N4C66UppPsJV3Ag

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1676-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3132 wrote to memory of 1676	3132	rundll32.exe	83
PID 3132 wrote to memory of 1676	3132	rundll32.exe	83
PID 3132 wrote to memory of 1676	3132	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\343221990315b1bb2bb87c887d531d5b738b8d6e62abae0560b4e2400f4462eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3132
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\343221990315b1bb2bb87c887d531d5b738b8d6e62abae0560b4e2400f4462eb.dll,#1
  2⤵
  PID:1676

memory/1676-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download