695b04c3c64a79db02f0af24f85c02087aaee3f900b163d81c0464ae92cac573

Analysis

max time kernel
139s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 20:06

Target

695b04c3c64a79db02f0af24f85c02087aaee3f900b163d81c0464ae92cac573.dll
Size

68KB
MD5

84a988302b91a8614e1fe9fc8569cbed
SHA1

581ce126c532296fcf9061afedcf2ae17bd884e3
SHA256

695b04c3c64a79db02f0af24f85c02087aaee3f900b163d81c0464ae92cac573
SHA512

f6fa78f4c74f07a5a0ad0c52d46f43dcec9f066562f149145eff894c536301dda72c43d532efbbf05215bfcd59047f2120a3edc9f3c54427ea9e73ff9c6c5c66
SSDEEP

1536:mPO6KEVbsVP0gCv6rb85mSgSo22sWVndalOB1/+nM7Hky4AC5PznMnG:cMEVbsVcFm0mWxP4w4BoCTuzEG

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4812-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 4812	684	rundll32.exe	83
PID 684 wrote to memory of 4812	684	rundll32.exe	83
PID 684 wrote to memory of 4812	684	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\695b04c3c64a79db02f0af24f85c02087aaee3f900b163d81c0464ae92cac573.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\695b04c3c64a79db02f0af24f85c02087aaee3f900b163d81c0464ae92cac573.dll,#1
  2⤵
  PID:4812

memory/4812-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download