a0f007614c4e727609dabc1551b0c0a2f19766f99bc4ca7c05995e8c5f9fd900

Analysis

max time kernel
93s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 15:52

Target

a0f007614c4e727609dabc1551b0c0a2f19766f99bc4ca7c05995e8c5f9fd900.dll
Size

20KB
MD5

6d519bdd7b434868bbde8f2253e57250
SHA1

1d49a638c0013eafdb0fe49b1dcc541b9387fb7f
SHA256

a0f007614c4e727609dabc1551b0c0a2f19766f99bc4ca7c05995e8c5f9fd900
SHA512

538655c5c571a7893f95d98fc7711658a911bf43c79c6b963de781f13f0978818f5b6180344fb6c9bd213c31962362dac06d0701084101e0edefeacf9b4aee3c
SSDEEP

384:kVdPI9HH960YmiGlDThXvRLpDtpxOsHmukZF:kV5MHH960YmiGxT5hpDIWkr

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4316-133-0x0000000010000000-0x000000001001C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 4316	4424	rundll32.exe	84
PID 4424 wrote to memory of 4316	4424	rundll32.exe	84
PID 4424 wrote to memory of 4316	4424	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0f007614c4e727609dabc1551b0c0a2f19766f99bc4ca7c05995e8c5f9fd900.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0f007614c4e727609dabc1551b0c0a2f19766f99bc4ca7c05995e8c5f9fd900.dll,#1
  2⤵
  PID:4316

memory/4316-133-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download