4893c84fb884d204f6d7272d9ec35d572027c950c83908cd6f4c2666a82dd373

Analysis

max time kernel
91s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-11-2022 13:29

Target

4893c84fb884d204f6d7272d9ec35d572027c950c83908cd6f4c2666a82dd373.dll
Size

91KB
MD5

05d1d48a5a45460c82e376a38ef2254e
SHA1

bbf1f027d37eab20b2e4dc97390d0c0ccdd24126
SHA256

4893c84fb884d204f6d7272d9ec35d572027c950c83908cd6f4c2666a82dd373
SHA512

6e4d81e733db92780f7a750ee295e817624fe65df759b3944ad58af3657893704c3ca9e5111cb17113e62769170cdc21a8fc1b0ca8a75efb45363f70d7c98557
SSDEEP

1536:0pstl9F0gv/r7r2Z6tr0BmbZzR5mZ/jWCjeiG9EGauwaJ:0OtFNv/r7r0nBmb9RUj/GyGp

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5060-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1144 wrote to memory of 5060	1144	rundll32.exe	80
PID 1144 wrote to memory of 5060	1144	rundll32.exe	80
PID 1144 wrote to memory of 5060	1144	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4893c84fb884d204f6d7272d9ec35d572027c950c83908cd6f4c2666a82dd373.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4893c84fb884d204f6d7272d9ec35d572027c950c83908cd6f4c2666a82dd373.dll,#1
  2⤵
  PID:5060

memory/5060-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download