aa32c79b1534e06042dedb06c49b82cc8f6bc42a909aef955948bdf82d79588b

Analysis

max time kernel
6s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 22:55

Target

aa32c79b1534e06042dedb06c49b82cc8f6bc42a909aef955948bdf82d79588b.dll
Size

49KB
MD5

0d67915ce6e21ef4012b19cd3f1b5700
SHA1

b7c03148ee6451b4dc8a135dedfd1901a95d9dd4
SHA256

aa32c79b1534e06042dedb06c49b82cc8f6bc42a909aef955948bdf82d79588b
SHA512

dcba9714d553010ec2094edc4d39defd7e23dd5cfb3b7536fe135fa78bdad28f1a42a13738cc288180e8dc3ab2f95db2875cc27766d544bf913b0e80466edc53
SSDEEP

768:w+mhztKgQBM2UhmN9oxgh4yZ3aJSD7V761dX13y9uvwXCcE6nqlHOsOXpnb3:wNzRX2UhmNq9oKe+Zh00wXvnqNOsOZb

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1404-133-0x0000000010000000-0x0000000010049000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 1404	5104	rundll32.exe	19
PID 5104 wrote to memory of 1404	5104	rundll32.exe	19
PID 5104 wrote to memory of 1404	5104	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa32c79b1534e06042dedb06c49b82cc8f6bc42a909aef955948bdf82d79588b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa32c79b1534e06042dedb06c49b82cc8f6bc42a909aef955948bdf82d79588b.dll,#1
  2⤵
  PID:1404

memory/1404-133-0x0000000010000000-0x0000000010049000-memory.dmp

Filesize
292KB

Download