d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7

Analysis

max time kernel
169s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 12:39

Target

d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll
Size

113KB
MD5

753d394c2ed1a1ea4a5eaa6fba171307
SHA1

308a9ad7842a570289b3acc1e4011e8938426423
SHA256

d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7
SHA512

cf1c833bcbad8203cc67416be586e5ca63495456dc44518b85fc6fd018496a81299884f1701583f77321f80cc1a357d507d55cf375c3758865b4013aa607c7ca
SSDEEP

1536:o8b0zyJO5R1fGyPk8zS6lglv9xs+YuVfJfQViw1jkt5PY3P6d5sXmbHDK9hEz+ew:o8Ns5HuaKlAihQ5jcxgP6b9bjKlYU

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/2320-133-0x0000000000A40000-0x0000000000A93000-memory.dmp	upx
behavioral2/memory/2320-134-0x0000000000A40000-0x0000000000A93000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3944 wrote to memory of 2320	3944	rundll32.exe	rundll32.exe
PID 3944 wrote to memory of 2320	3944	rundll32.exe	rundll32.exe
PID 3944 wrote to memory of 2320	3944	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3944

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d6554b9e57355fcb9eccb91ca38225452adc0daf1f056289d7d5c9fc137fb0e7.dll,#1
2⤵
PID:2320

memory/2320-132-0x0000000000000000-mapping.dmp

Download
memory/2320-133-0x0000000000A40000-0x0000000000A93000-memory.dmp

Filesize
332KB

Download
memory/2320-134-0x0000000000A40000-0x0000000000A93000-memory.dmp

Filesize
332KB

Download