e55f3b49400dbce96715c36aa49bf66902901a690464b1742024ee5108446558

Analysis

max time kernel
165s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 09:43

Target

e55f3b49400dbce96715c36aa49bf66902901a690464b1742024ee5108446558.dll
Size

67KB
MD5

317ec6b20c8e4dd3b4ffd9b41765d70e
SHA1

558c542fc921450e93d05e1ed078effcf681e156
SHA256

e55f3b49400dbce96715c36aa49bf66902901a690464b1742024ee5108446558
SHA512

2b27ae07e616b74e47ce75ba2d2c06c7f7b4aa8f5226c9a13b069c633f3b09086d58f98648f157b48455c2a4fe2d671fe65d6f670d2e60a80e5990157373007a
SSDEEP

1536:7nrxDussGn4AAejPC7Mp/c+HJgKKWz3p/wBBwf:D6tV0pk+pg6t/EKf

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/924-133-0x0000000000400000-0x0000000000431000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 924	1236	rundll32.exe	79
PID 1236 wrote to memory of 924	1236	rundll32.exe	79
PID 1236 wrote to memory of 924	1236	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e55f3b49400dbce96715c36aa49bf66902901a690464b1742024ee5108446558.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e55f3b49400dbce96715c36aa49bf66902901a690464b1742024ee5108446558.dll,#1
  2⤵
  PID:924

memory/924-133-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download