6740951d3a5cd6882230aa0f86d5336e465cbc3f498de47ca4d6e7d5bec6ea67

Analysis

max time kernel
162s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 21:44

Target

6740951d3a5cd6882230aa0f86d5336e465cbc3f498de47ca4d6e7d5bec6ea67.dll
Size

316KB
MD5

902a471e1b303445071ca4d562e1af00
SHA1

25fcb170293a6f7c29a193fd06cf9d414fb62866
SHA256

6740951d3a5cd6882230aa0f86d5336e465cbc3f498de47ca4d6e7d5bec6ea67
SHA512

02fc94c36f4e251ce5ac02fca79b8c89f6395a2654a6406c0e74b85f43abc90399f8a35b5096dfed3e6b4de34d5b88259f0ef03e875a46a92a21f202d33373a0
SSDEEP

3072:QvlLqknarFs5Cy61iX/Lk+AOm65kq7dLizE50QXFBdjYwS/4gyYeglBN8HEjB1oO:QvlNPCykiX/w+A05V78E1T2ZyhCr7X

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4876-133-0x0000000000A70000-0x0000000000A7D000-memory.dmp	upx
behavioral2/memory/4876-136-0x0000000000A70000-0x0000000000A7D000-memory.dmp	upx
behavioral2/memory/4876-137-0x0000000000A70000-0x0000000000A7D000-memory.dmp	upx
behavioral2/memory/4876-138-0x0000000000A70000-0x0000000000A7D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 4876	4548	rundll32.exe	83
PID 4548 wrote to memory of 4876	4548	rundll32.exe	83
PID 4548 wrote to memory of 4876	4548	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6740951d3a5cd6882230aa0f86d5336e465cbc3f498de47ca4d6e7d5bec6ea67.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6740951d3a5cd6882230aa0f86d5336e465cbc3f498de47ca4d6e7d5bec6ea67.dll,#1
  2⤵
  PID:4876

memory/4876-133-0x0000000000A70000-0x0000000000A7D000-memory.dmp

Filesize
52KB

Download
memory/4876-136-0x0000000000A70000-0x0000000000A7D000-memory.dmp

Filesize
52KB

Download
memory/4876-137-0x0000000000A70000-0x0000000000A7D000-memory.dmp

Filesize
52KB

Download
memory/4876-138-0x0000000000A70000-0x0000000000A7D000-memory.dmp

Filesize
52KB

Download
memory/4876-139-0x0000000000A76000-0x0000000000A7C000-memory.dmp

Filesize
24KB

Download
memory/4876-140-0x0000000000A71000-0x0000000000A76000-memory.dmp

Filesize
20KB

Download