aa042b148014207c0453f12e5c5c365469f7bb7c8e8eeeb9c2f1dfe19543420a

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 10:01

Target

aa042b148014207c0453f12e5c5c365469f7bb7c8e8eeeb9c2f1dfe19543420a.dll
Size

113KB
MD5

4056a199aff5b390faa285881ae3d890
SHA1

39b155e7a9756fd7534e50598d15a942aeb6d7d0
SHA256

aa042b148014207c0453f12e5c5c365469f7bb7c8e8eeeb9c2f1dfe19543420a
SHA512

9c11a886dd3524cc6390699cedf855c97151536545983a196d6b3b2d2b957c5fdc94c4f8cf8d74d93f1082d1c55e01702f9b1d25fee6ce5a468d1791baf42ef7
SSDEEP

1536:y+bFc3jJtT+d5iDA5OO6ON2FhGMsKWItQK8Mqpcs1RQ5+bFFkzWCi8Qaa:RF8JtU5f5TMWOQK8MqVH+IH

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/800-133-0x0000000000690000-0x00000000006E2000-memory.dmp	upx
behavioral2/memory/800-134-0x0000000000690000-0x00000000006E2000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1708 wrote to memory of 800	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 800	1708	rundll32.exe	rundll32.exe
PID 1708 wrote to memory of 800	1708	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa042b148014207c0453f12e5c5c365469f7bb7c8e8eeeb9c2f1dfe19543420a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aa042b148014207c0453f12e5c5c365469f7bb7c8e8eeeb9c2f1dfe19543420a.dll,#1
  2⤵
  PID:800

memory/800-132-0x0000000000000000-mapping.dmp

Download
memory/800-133-0x0000000000690000-0x00000000006E2000-memory.dmp

Filesize
328KB

Download
memory/800-134-0x0000000000690000-0x00000000006E2000-memory.dmp

Filesize
328KB

Download