73aa49f9480299c9756c1f7e8d86da066ac8be575aacdc0b59214300af85d4d6

Analysis

max time kernel
133s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 15:45

Target

73aa49f9480299c9756c1f7e8d86da066ac8be575aacdc0b59214300af85d4d6.dll
Size

45KB
MD5

66be0b50cf43eb5e350f21af497a0980
SHA1

a990e605e8e0750810b547ab6032cb4c2ca05dc5
SHA256

73aa49f9480299c9756c1f7e8d86da066ac8be575aacdc0b59214300af85d4d6
SHA512

89d965bc23ab3512516098828536e6136d7d3914977b05a9964208b793e54241a971b7759109f22bdd5ab15e49055ccd8faa6b8a0e8c10fcb7ab212d8fa70478
SSDEEP

768:FW+anfMF6h6q3LUThFU5Ho6QZhI5G1jl7JLGEtWbVlegOobagMF7BErqnlzTMTjD:FFanfonWuA5I6QIcXaEgZvOougMFyrq+

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2080-133-0x0000000010000000-0x0000000010046000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3884 wrote to memory of 2080	3884	rundll32.exe	82
PID 3884 wrote to memory of 2080	3884	rundll32.exe	82
PID 3884 wrote to memory of 2080	3884	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73aa49f9480299c9756c1f7e8d86da066ac8be575aacdc0b59214300af85d4d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\73aa49f9480299c9756c1f7e8d86da066ac8be575aacdc0b59214300af85d4d6.dll,#1
  2⤵
  PID:2080

memory/2080-133-0x0000000010000000-0x0000000010046000-memory.dmp

Filesize
280KB

Download