d38a0a7174707a853df909b60b0be3288fdce653971e7c3eea8d790cc09fafad

Analysis

max time kernel
278s
max time network
406s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 01:05

Target

d38a0a7174707a853df909b60b0be3288fdce653971e7c3eea8d790cc09fafad.dll
Size

16KB
MD5

534dc20cc9ef94bab656950e758955c9
SHA1

10553794688fc549aac73b324dd04dfaf19f132e
SHA256

d38a0a7174707a853df909b60b0be3288fdce653971e7c3eea8d790cc09fafad
SHA512

286ae72b81f0333e32928eb90ee3fc855b912af48c89f052ad21d21cabad9c4f9e3bbdc8ca7cffca1400b29feb9e363f49eb4ca223c04526feaa519114e0b029
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApE:KfAzBco0TAK8dEVSvGzzG

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3368-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/3368-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 3368	1420	rundll32.exe	79
PID 1420 wrote to memory of 3368	1420	rundll32.exe	79
PID 1420 wrote to memory of 3368	1420	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d38a0a7174707a853df909b60b0be3288fdce653971e7c3eea8d790cc09fafad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d38a0a7174707a853df909b60b0be3288fdce653971e7c3eea8d790cc09fafad.dll,#1
  2⤵
  PID:3368

memory/3368-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/3368-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download