c4f436963fb1eba5ff1fa763440f0472b4f938e7ce0f37dfcbda51bb6562396e

Analysis

max time kernel
112s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 19:34

Target

Orçamento.dll
Size

205KB
MD5

c9e67552c030ad4903b80f422da0cc41
SHA1

c587fef0f20ecc07eebcc5425d6925d67117d30c
SHA256

d99de2573b086455f015100b2bbf7c3c31a4cdc1cf993c0631ef128760f23545
SHA512

acb58a0b2dc0c8710c6683f4e0fe0d90d432a0bbdf6551f8eeaa35322c180e36de5c9de9052f793b2b331b3815f78a314b25347a0e208c424c403b640eab9f0c
SSDEEP

3072:kinRXDzOVyqIRADkihZ0I9Wm4v/60gsQDNShPcMAxBbMvvyA55wVh7okiRj:kinR+VyqyWjh2eAMsQ0hEM+ZMvh5wni

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/3180-133-0x0000000000400000-0x000000000048E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2128 wrote to memory of 3180	2128	rundll32.exe	rundll32.exe
PID 2128 wrote to memory of 3180	2128	rundll32.exe	rundll32.exe
PID 2128 wrote to memory of 3180	2128	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Orçamento.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2128

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Orçamento.dll,#1
2⤵
PID:3180

memory/3180-132-0x0000000000000000-mapping.dmp

Download
memory/3180-133-0x0000000000400000-0x000000000048E000-memory.dmp

Filesize
568KB

Download