257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3

Analysis

max time kernel
90s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 15:52

Target

257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3.dll
Size

53KB
MD5

13e26c236ff966da2c0dddbb73bfd130
SHA1

fb0cbcc61be4ffe7838c93df0ec1bf82552e6f69
SHA256

257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3
SHA512

2a36e5f6838b6b44e9e33c6e65fc6c60e606c1fbf13de088d0a9a5172e5857d60e8fcddab54ddaf64b595971375bc0bde4249c091ef666096d5c9d39f0bd55d1
SSDEEP

1536:56aHSNmlAP/FwkcnNpirWmXdB7KdCMngKPW:IaimlA3FMWDHKdCIO

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2708-133-0x0000000010000000-0x000000001004D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 2708	5076	rundll32.exe	83
PID 5076 wrote to memory of 2708	5076	rundll32.exe	83
PID 5076 wrote to memory of 2708	5076	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\257c056bbf56e40cbec9d57123957b1abab7ee71911c6b6eb95363834cfab4d3.dll,#1
  2⤵
  PID:2708

memory/2708-133-0x0000000010000000-0x000000001004D000-memory.dmp

Filesize
308KB

Download