1d84ff22b8c5001b599d0193aa63bed36577a8c61e5be1fc2549a2d3f6861137

Analysis

max time kernel
95s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2022, 01:25

Target

1d84ff22b8c5001b599d0193aa63bed36577a8c61e5be1fc2549a2d3f6861137.dll
Size

19KB
MD5

5a534b146918c6f212b45e6cef391ac0
SHA1

564eee9b1afe1024d70a0601b62cf6792f89cf6a
SHA256

1d84ff22b8c5001b599d0193aa63bed36577a8c61e5be1fc2549a2d3f6861137
SHA512

065d0d0822b1ecb413fe7637cde051d4346ae7e82fd3a657f6f77be635addd16db3753c87309572daaf819dc6862f41e2164183a774787b7b743fadccda9dc11
SSDEEP

384:bo6HZqPeLj4AJVQb/50yTPcB9RGT5STggjlLwApf3bUh5e1rfZWxm9:bmPeLNyj+5LDJpf3bUPe1rcxm9

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4444-133-0x0000000000400000-0x0000000000411000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4596 wrote to memory of 4444	4596	rundll32.exe	80
PID 4596 wrote to memory of 4444	4596	rundll32.exe	80
PID 4596 wrote to memory of 4444	4596	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d84ff22b8c5001b599d0193aa63bed36577a8c61e5be1fc2549a2d3f6861137.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4596
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1d84ff22b8c5001b599d0193aa63bed36577a8c61e5be1fc2549a2d3f6861137.dll,#1
  2⤵
  PID:4444

memory/4444-133-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download