3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d

Analysis

max time kernel
161s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 04:19

Target

3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d.dll
Size

73KB
MD5

54be8a82f7398d7d80e256e0bf8576e4
SHA1

d780a83a282f4742f90bcfe9119d3fb8c64fc790
SHA256

3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d
SHA512

fa5769541ed986bba8ef05c5b021443ca43754caea3fb3a499f9af675f3ec96a1ef8c2e1f690cf82d6450081bb9d71fb068e5c56ceadb9e181cd527eff5673db
SSDEEP

1536:Iykzkagrwe8Sh4+jVYAILWUsILri5f+BBArg:IFzkaiF80VaAf8LSf+Bmrg

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3604-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 3604	4184	rundll32.exe	82
PID 4184 wrote to memory of 3604	4184	rundll32.exe	82
PID 4184 wrote to memory of 3604	4184	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b6a03104a74422ce9cf39f97847b103d140842aed0d90b86988afb4205b876d.dll,#1
  2⤵
  PID:3604

memory/3604-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download