e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 07:54

Target

e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a.dll
Size

195KB
MD5

4f5894c109ac2df0ee6326a55073f0e4
SHA1

db5ceeb6a89a9abad401d0d4d9860246d892d19a
SHA256

e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a
SHA512

79680a6b17fd449d9d26d00186f496f18eb6e601b3035d30081022a0daa0d62e773ac14ad96c0df8b7dea988b5877c9ea442736f4a6bb80b6027830a836ca158
SSDEEP

3072:8K35ZY7nm9wDUfoTF4eiJILmThxOqoIdRs4O5KYTLi9nvGjiAtnltEyBW:897nm9IUfwb6ThdzuLiOlt

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3404-133-0x00000000010C0000-0x00000000010CD000-memory.dmp	upx
behavioral2/memory/3404-137-0x00000000010C0000-0x00000000010CD000-memory.dmp	upx
behavioral2/memory/3404-136-0x00000000010C0000-0x00000000010CD000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 3404	1528	rundll32.exe	73
PID 1528 wrote to memory of 3404	1528	rundll32.exe	73
PID 1528 wrote to memory of 3404	1528	rundll32.exe	73

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e9ea56af616c936be266d8654643412d07c3046fb6c7d2cfb8e09bb775005a9a.dll,#1
  2⤵
  PID:3404

memory/3404-133-0x00000000010C0000-0x00000000010CD000-memory.dmp

Filesize
52KB

Download
memory/3404-137-0x00000000010C0000-0x00000000010CD000-memory.dmp

Filesize
52KB

Download
memory/3404-136-0x00000000010C0000-0x00000000010CD000-memory.dmp

Filesize
52KB

Download
memory/3404-138-0x00000000010B0000-0x00000000010B6000-memory.dmp

Filesize
24KB

Download
memory/3404-139-0x00000000010C7000-0x00000000010CC000-memory.dmp

Filesize
20KB

Download
memory/3404-140-0x00000000010C1000-0x00000000010C7000-memory.dmp

Filesize
24KB

Download