0bd27a497a9a0b8abbc193beddcdecdbb24ad98ff3a58cb1ab52fb85f5edf525

Analysis

max time kernel
112s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2022, 11:02

Target

0bd27a497a9a0b8abbc193beddcdecdbb24ad98ff3a58cb1ab52fb85f5edf525.dll
Size

87KB
MD5

629acfba3a78f4a26aa04a13ba2e2780
SHA1

df2c79eaba30556b2e1b60374145456b23e4c924
SHA256

0bd27a497a9a0b8abbc193beddcdecdbb24ad98ff3a58cb1ab52fb85f5edf525
SHA512

fa4bee9972676239ef07b5e7f1e595f195c269ab9aacc7951b997f4f196b76df524213f35c1cc37926ccbf01b965d4c1d9a6e2a11726f422951287fea760782f
SSDEEP

1536:okt9nGaYzrmdiGMQEZn/JCkPS4su626YUKTm56t9a0/HK6K0U:okr+6XE1/0O62HUKTMg9a0i6K0U

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1164-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 1164	2964	rundll32.exe	82
PID 2964 wrote to memory of 1164	2964	rundll32.exe	82
PID 2964 wrote to memory of 1164	2964	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bd27a497a9a0b8abbc193beddcdecdbb24ad98ff3a58cb1ab52fb85f5edf525.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0bd27a497a9a0b8abbc193beddcdecdbb24ad98ff3a58cb1ab52fb85f5edf525.dll,#1
  2⤵
  PID:1164

memory/1164-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download