724b941b0de5d31dd450e2bb78c05ec7f27e6a6f18c14c96b6e5afdcffeab9c0

Analysis

max time kernel
130s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 16:07

Target

724b941b0de5d31dd450e2bb78c05ec7f27e6a6f18c14c96b6e5afdcffeab9c0.dll
Size

73KB
MD5

a0c027b34b4057c1ea81f2834f777270
SHA1

e779bdf5586dbc71f78ff52926c3cca092dda526
SHA256

724b941b0de5d31dd450e2bb78c05ec7f27e6a6f18c14c96b6e5afdcffeab9c0
SHA512

52cdff3016c8a93c4fb051890be66c02472a9b3ff3e204923a0e65540f57bc4683d32aa462b7dc6086dad806f82492f042c3eae2aea4585571bdb90555a4b345
SSDEEP

1536:idsa99weHD53HleFnYrlAdIq21Ryba3I+w5o9Y2E/gk871mMEWe:pMSejR4YRjq21I9+w5oOZ871/

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3576-133-0x0000000010000000-0x000000001005E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 3576	3468	rundll32.exe	83
PID 3468 wrote to memory of 3576	3468	rundll32.exe	83
PID 3468 wrote to memory of 3576	3468	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\724b941b0de5d31dd450e2bb78c05ec7f27e6a6f18c14c96b6e5afdcffeab9c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\724b941b0de5d31dd450e2bb78c05ec7f27e6a6f18c14c96b6e5afdcffeab9c0.dll,#1
  2⤵
  PID:3576

memory/3576-133-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download