62b1bd310030837de75f92e9757a32d33ffce549ad388748f23a8639d9ab614e

Analysis

max time kernel
95s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 22:35

Target

62b1bd310030837de75f92e9757a32d33ffce549ad388748f23a8639d9ab614e.dll
Size

71KB
MD5

83b9b7f34d6a8e3674a2066ae52c71e0
SHA1

5f0635ffedfc970f1798ad4fabbb68261be7344a
SHA256

62b1bd310030837de75f92e9757a32d33ffce549ad388748f23a8639d9ab614e
SHA512

d7991ca9b72f3157bcffce7f4f22444f9a0046767a6c6b3d449169b9f845382a0173df7d9a10c3b348099ace65424546fb251555b9321f94a11f738bcfc0bbb6
SSDEEP

1536:mEzchvgvxVLF42ylLtcaALEz3BTyn4axkvVlYv:mVYfO0/QpyRxkvIv

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2440-133-0x0000000010000000-0x0000000010059000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1848 wrote to memory of 2440	1848	rundll32.exe	78
PID 1848 wrote to memory of 2440	1848	rundll32.exe	78
PID 1848 wrote to memory of 2440	1848	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b1bd310030837de75f92e9757a32d33ffce549ad388748f23a8639d9ab614e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\62b1bd310030837de75f92e9757a32d33ffce549ad388748f23a8639d9ab614e.dll,#1
  2⤵
  PID:2440

memory/2440-133-0x0000000010000000-0x0000000010059000-memory.dmp

Filesize
356KB

Download