5b5290a7ebacc79ea67117e7353403937ea42bbffd2f39e902544063ee02aa54

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:42

Target

5b5290a7ebacc79ea67117e7353403937ea42bbffd2f39e902544063ee02aa54.dll
Size

43KB
MD5

52d90a37ff5cbf88d513956b0473f076
SHA1

754da0424baae9f488a0bfda213848c9be743cf3
SHA256

5b5290a7ebacc79ea67117e7353403937ea42bbffd2f39e902544063ee02aa54
SHA512

38309e6ba680e06268f87546e7e927d782104ff10ceed5845ba15f7300039603d6ffab82205cfc347815930d7ca86e3f3541af0ad7ddb414c459aafbb31460ce
SSDEEP

768:0tX7Gc6qdKTEIMNsxbia0aWgObcB9MrmJy/8r5M5UtlzRG+/6:0x4qHIWsxbialWnbK9MqJ48Nbl8F

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2040-133-0x0000000010000000-0x000000001001D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4004 wrote to memory of 2040	4004	rundll32.exe	rundll32.exe
PID 4004 wrote to memory of 2040	4004	rundll32.exe	rundll32.exe
PID 4004 wrote to memory of 2040	4004	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b5290a7ebacc79ea67117e7353403937ea42bbffd2f39e902544063ee02aa54.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4004

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b5290a7ebacc79ea67117e7353403937ea42bbffd2f39e902544063ee02aa54.dll,#1
2⤵
PID:2040

memory/2040-132-0x0000000000000000-mapping.dmp

Download
memory/2040-133-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download