ad7a6428108f2d01f2e1b747fc5f225fe7e32da7219c7df017a566566954b173

Analysis

max time kernel
246s
max time network
277s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:47

Target

ad7a6428108f2d01f2e1b747fc5f225fe7e32da7219c7df017a566566954b173.dll
Size

406KB
MD5

6aea0226a87d8d144963ab68b02009ac
SHA1

6dcc3d247ac8e872c8cfb7db73e1de1032fc6b11
SHA256

ad7a6428108f2d01f2e1b747fc5f225fe7e32da7219c7df017a566566954b173
SHA512

d171cb12715b1952d4f214780472668d57604e1f4efba798f1a84dab633ab39a95830ec80dee4a7abfa5969ea4d472f21f54d99ff480d02660c41e3f9489af4a
SSDEEP

12288:7RrQLhYW3kv/eT2TEjXqYZsEVUyXe5U1:7Rkuv/jEuYaKUaey1

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/4220-134-0x0000000010000000-0x000000001012A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3388 wrote to memory of 4220	3388	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 4220	3388	rundll32.exe	rundll32.exe
PID 3388 wrote to memory of 4220	3388	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad7a6428108f2d01f2e1b747fc5f225fe7e32da7219c7df017a566566954b173.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad7a6428108f2d01f2e1b747fc5f225fe7e32da7219c7df017a566566954b173.dll,#1
2⤵
PID:4220

memory/4220-133-0x0000000000000000-mapping.dmp

Download
memory/4220-134-0x0000000010000000-0x000000001012A000-memory.dmp

Filesize
1.2MB

Download