b0b0defab6d51281b915938cb55ed22a8632d559f3d9dd781b3332cd8aecf2c0

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:06

Target

b0b0defab6d51281b915938cb55ed22a8632d559f3d9dd781b3332cd8aecf2c0.dll
Size

326KB
MD5

29997fbfe5243d2bc2f41d5c8bef27e5
SHA1

bb12bfa4eb20ea4e41f7ffd40f1de9b3de07d37f
SHA256

b0b0defab6d51281b915938cb55ed22a8632d559f3d9dd781b3332cd8aecf2c0
SHA512

653b3a3baed7d2025ef092f41bd20670af72219ac2d80903b23b024b950ffe040109534cb602ecf80cc2fa65b2955055dd535a50b25c1115bde33f13a2891cff
SSDEEP

6144:LYGCO7tmvTGM1WUMuKrHkiLYB09krrA3u+41Hudbqlj5MJJOD1sHt:LBCpWNY0Ye9krrA+jImB5BDo

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4104-133-0x0000000000400000-0x00000000004E0000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 392 wrote to memory of 4104	392	rundll32.exe	rundll32.exe
PID 392 wrote to memory of 4104	392	rundll32.exe	rundll32.exe
PID 392 wrote to memory of 4104	392	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0b0defab6d51281b915938cb55ed22a8632d559f3d9dd781b3332cd8aecf2c0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0b0defab6d51281b915938cb55ed22a8632d559f3d9dd781b3332cd8aecf2c0.dll,#1
2⤵
PID:4104

memory/4104-132-0x0000000000000000-mapping.dmp

Download
memory/4104-133-0x0000000000400000-0x00000000004E0000-memory.dmp

Filesize
896KB

Download