6712476b73a5ae6ca33af23e493f7074e88f5497b5c1cf5705bdca29b6e2944c

Analysis

max time kernel
192s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 20:00

Target

6712476b73a5ae6ca33af23e493f7074e88f5497b5c1cf5705bdca29b6e2944c.dll
Size

62KB
MD5

3c3db1632a497d7f4cffa40f635d4111
SHA1

6157715fc48df57cca19fbd0c9c26b8f93479d26
SHA256

6712476b73a5ae6ca33af23e493f7074e88f5497b5c1cf5705bdca29b6e2944c
SHA512

3ebe4484719faf1b19445f317c0b3f6ca3940b79c0175de17f0318422ad1285a224291ae45be0973cd29336a9af5d34ac2a91718d291078ce2e3ce6340b748e2
SSDEEP

1536:C8C3Q/Bab8gzTn2fqK5qqCVOS+IDvnawlhD0vrycm:C8AQ3gnnLK5qqCcSJZlhwvNm

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4604-133-0x0000000010000000-0x0000000010017000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 4604	4708	rundll32.exe	81
PID 4708 wrote to memory of 4604	4708	rundll32.exe	81
PID 4708 wrote to memory of 4604	4708	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6712476b73a5ae6ca33af23e493f7074e88f5497b5c1cf5705bdca29b6e2944c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6712476b73a5ae6ca33af23e493f7074e88f5497b5c1cf5705bdca29b6e2944c.dll,#1
  2⤵
  PID:4604

memory/4604-132-0x0000000000000000-mapping.dmp

Download
memory/4604-133-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download