f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3

Analysis

max time kernel
123s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 05:15

Target

f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3.dll
Size

53KB
MD5

06427e65cf8b6f3571acf7f03dda9884
SHA1

198653d258d946aca56b8f719c7790fbac1647ae
SHA256

f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3
SHA512

69d0e330528dcd9b3ebecb347d1bda2c6cdf2c32bc406c19d16fcb6370d88c837b21e6aae2ebaa493b26d13a3da38b296e8828fe9c0b6dc6741e31294dedf314
SSDEEP

1536:d6aHSNmlAP/FwkcnNpirWmXdB7KdCxFipW:UaimlA3FMWDHKdCxFig

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4900-133-0x0000000010000000-0x000000001004D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 4900	1616	rundll32.exe	80
PID 1616 wrote to memory of 4900	1616	rundll32.exe	80
PID 1616 wrote to memory of 4900	1616	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f44329e97af16fe990c43ebc95a8a555271455e2a1a176f29cd6ff2983f04dc3.dll,#1
  2⤵
  PID:4900

memory/4900-133-0x0000000010000000-0x000000001004D000-memory.dmp

Filesize
308KB

Download