cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049

Analysis

max time kernel
91s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2022 04:16

Target

cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049.dll
Size

99KB
MD5

090fa591ffb55a7bae5a7cea36ab5397
SHA1

c45024e44598106e444b6acd2b5b7eda4f4e0573
SHA256

cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049
SHA512

7f9438a418eeccae8b1a320a245ca829468e222628e9f2d1ae11ff4c42b9842febe6121d94cd68ae6cc1d74c6ca0da3e3103f9b410f2a053a2301ef93c483624
SSDEEP

1536:rVGqeHHrjdj9xcNqA1qfpGX5ZE1kpCTWg+16nm:rKLjdjLcNqRfW5cmkWJb

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5032-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 5032	4976	rundll32.exe	80
PID 4976 wrote to memory of 5032	4976	rundll32.exe	80
PID 4976 wrote to memory of 5032	4976	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb4d67a6d60c990dd78082a614910dc0362cc78ecb35f3c4fe1c6fd67bcfd049.dll,#1
  2⤵
  PID:5032

memory/5032-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download