4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452

Analysis

max time kernel
150s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 04:53 UTC

Target

4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll
Size

67KB
MD5

0853e7aaec434849cf6e07e57c9344d0
SHA1

6ccfdc64949bcd17bd485184ca69eae429b510cf
SHA256

4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452
SHA512

3eb100eb372ef438ade07bedf81337e513537ea6d6766c61906ae9db99fcd153024fb3b398f19d089823d492c1e2222b814b5a128da9ad12cc6ea92e2c16ee4b
SSDEEP

1536:wvJpyfY820v+0WsJ3Bdxf5Jk+hF7S7kVlp62EN7n4ocRFfSr:6pv1o+c3B75Pk7kJ62E94ocLfSr

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4932-133-0x0000000010000000-0x000000001040F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 4932	2252	rundll32.exe	79
PID 2252 wrote to memory of 4932	2252	rundll32.exe	79
PID 2252 wrote to memory of 4932	2252	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4a0840bc8396d081139ad59c7ac22ca9f3ab28a2a027d6a88b695c4aabbc2452.dll,#1
  2⤵
  PID:4932

No results found

No results found

memory/4932-133-0x0000000010000000-0x000000001040F000-memory.dmp

Filesize
4.1MB

Download