ce09c25de53963a85dbc3490374a657333ddc5ac697daab0fd2ebfc0d9ad3b82

Analysis

max time kernel
133s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:04

Target

ce09c25de53963a85dbc3490374a657333ddc5ac697daab0fd2ebfc0d9ad3b82.dll
Size

176KB
MD5

942bd66e50cc3913d893427cce69bd89
SHA1

c4f78e708b2abacb172423c648e693b6ac63ff90
SHA256

ce09c25de53963a85dbc3490374a657333ddc5ac697daab0fd2ebfc0d9ad3b82
SHA512

1888da78098e42e6736170e39b0b8efa73c30349ac722f8bcf7fcbd407d7a0d3cec4a4b982911a0658b49858bac28398b25318bca8b02370c098029096de97f5
SSDEEP

3072:/OJQOAhrqFlNZg+gvWUG2EPTCaRpLmRLukCTh+IWlT8FYxwtD+1C8Cl+SE7x:/OJy12Zg5REPT/Pi1CT4IWlZCYCl+hx

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4984-133-0x0000000000400000-0x0000000000475000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4940 wrote to memory of 4984	4940	rundll32.exe	rundll32.exe
PID 4940 wrote to memory of 4984	4940	rundll32.exe	rundll32.exe
PID 4940 wrote to memory of 4984	4940	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce09c25de53963a85dbc3490374a657333ddc5ac697daab0fd2ebfc0d9ad3b82.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4940

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ce09c25de53963a85dbc3490374a657333ddc5ac697daab0fd2ebfc0d9ad3b82.dll,#1
2⤵
PID:4984

memory/4984-132-0x0000000000000000-mapping.dmp

Download
memory/4984-133-0x0000000000400000-0x0000000000475000-memory.dmp

Filesize
468KB

Download