e48519ee4679cf27c5db14e4a7e28b728c5f1b3ce81822a0ad1a4f557778ba48

Analysis

max time kernel
141s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 03:45

Target

e48519ee4679cf27c5db14e4a7e28b728c5f1b3ce81822a0ad1a4f557778ba48.dll
Size

49KB
MD5

0955d6a1c5b18dbdf33126e908a028e0
SHA1

85a0c107ddeadcec0c6554959c742fdc095eb2b5
SHA256

e48519ee4679cf27c5db14e4a7e28b728c5f1b3ce81822a0ad1a4f557778ba48
SHA512

1a3d48483cbb690fb99a83b1b71ab97db1c284f6ee2190493781c277fd2b9c5d002433a238e0c683cef99c561bfb3f4d202b2a74055b757c9cdf71866297e98f
SSDEEP

768:kuCB8+Bj3U5vGreesVMi58ILF+eStT/9O+T4vslBsNBrY4dcNEC09lozrl:wU5WJiiIhStTlOefz+djA

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3704-133-0x0000000010000000-0x0000000010047000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 3704	1284	rundll32.exe	79
PID 1284 wrote to memory of 3704	1284	rundll32.exe	79
PID 1284 wrote to memory of 3704	1284	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e48519ee4679cf27c5db14e4a7e28b728c5f1b3ce81822a0ad1a4f557778ba48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e48519ee4679cf27c5db14e4a7e28b728c5f1b3ce81822a0ad1a4f557778ba48.dll,#1
  2⤵
  PID:3704

memory/3704-133-0x0000000010000000-0x0000000010047000-memory.dmp

Filesize
284KB

Download