3b2300ec88ec176aa54bcd80adf2937f9ec4809a95c0ef437feb40acf4772073

Analysis

max time kernel
175s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 20:17

Target

3b2300ec88ec176aa54bcd80adf2937f9ec4809a95c0ef437feb40acf4772073.dll
Size

73KB
MD5

5f34840ef922f12368abc87c36950490
SHA1

399270197a39ff64d4e9273774fda878dba7d981
SHA256

3b2300ec88ec176aa54bcd80adf2937f9ec4809a95c0ef437feb40acf4772073
SHA512

12987878340b77dd817757080b050559753181abeae50fccff375ce4165c5fb2593c9f1222c91e9ca7d31c0b20cb7d3177cadb572f31d47f592c83af8f371d04
SSDEEP

1536:Fdsa99weHD53HleFnYrlAdIq21Ryba3I+w5o9Y2E/gk3DAbmENX:YMSejR4YRjq21I9+w5oOZ3DhE

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4472-133-0x0000000010000000-0x000000001005E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4472	4948	rundll32.exe	82
PID 4948 wrote to memory of 4472	4948	rundll32.exe	82
PID 4948 wrote to memory of 4472	4948	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b2300ec88ec176aa54bcd80adf2937f9ec4809a95c0ef437feb40acf4772073.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b2300ec88ec176aa54bcd80adf2937f9ec4809a95c0ef437feb40acf4772073.dll,#1
  2⤵
  PID:4472

memory/4472-133-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download