83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849

Analysis

max time kernel
185s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 12:39

Target

83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll
Size

113KB
MD5

9d85a2c35805ddc04c8a894597d7cd6a
SHA1

3e3f63519555416f0789121f90628b6759908f2f
SHA256

83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849
SHA512

e52c8dabd8bf5c4ab7497dd3d99d4f2ca31e811dbb0243cb4f6d67e7c374fc0960d6f54a7705f7c2708fd96dccec3fdef4ee3c0d2bafbcae9876fc0310924ca6
SSDEEP

3072:G8Ns5HuaKlAihQ5jcxgP6b9bjKd5Dm0x:G8Ns5HudlZ8Ijm9l

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/752-133-0x0000000000400000-0x0000000000453000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1328 wrote to memory of 752	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 752	1328	rundll32.exe	rundll32.exe
PID 1328 wrote to memory of 752	1328	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1328

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\83b0ca077aabd6d680617d8ec9887d2eeb2d1812729105f5fb239adca7b17849.dll,#1
2⤵
PID:752

memory/752-132-0x0000000000000000-mapping.dmp

Download
memory/752-133-0x0000000000400000-0x0000000000453000-memory.dmp

Filesize
332KB

Download