ae60e759ada1fb13e7b412ffdd62e955ca2926cc2feb48122f69e3d23b0a2767

Analysis

max time kernel
185s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 18:52

Target

ae60e759ada1fb13e7b412ffdd62e955ca2926cc2feb48122f69e3d23b0a2767.dll
Size

79KB
MD5

0bd0c0bb116d64d5b2d33793538ecf89
SHA1

d10cd1322440b04ab14de01513b77657f8c1ae65
SHA256

ae60e759ada1fb13e7b412ffdd62e955ca2926cc2feb48122f69e3d23b0a2767
SHA512

947d4245ac2be91f7d03a4cbde109191a28324a17dfef83713c0de065a5bb72b7e8f6aa5ef4b3b6f3657f4b75ba8cd5ccee9a1b7f5b4e96717c326223266c7a8
SSDEEP

1536:yok0mU99Qr+DKJ6PwqqcolB/ff8o99u6lL/sbn+pRglk/F92HWOmLu:/maQOo6Pwqq/Rfd+cDvglk/+T

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3000-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 3000	684	rundll32.exe	80
PID 684 wrote to memory of 3000	684	rundll32.exe	80
PID 684 wrote to memory of 3000	684	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae60e759ada1fb13e7b412ffdd62e955ca2926cc2feb48122f69e3d23b0a2767.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ae60e759ada1fb13e7b412ffdd62e955ca2926cc2feb48122f69e3d23b0a2767.dll,#1
  2⤵
  PID:3000

memory/3000-132-0x0000000000000000-mapping.dmp

Download
memory/3000-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download