60919940ab7d70e0207ae6eb7e1103dd00a8957756261031d1b1d3553dc41cee

Analysis

max time kernel
195s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 00:56

Target

60919940ab7d70e0207ae6eb7e1103dd00a8957756261031d1b1d3553dc41cee.dll
Size

67KB
MD5

1ee8a2d7b1cf886c64c90cbb211b071f
SHA1

1a79a8df0b0d291411f5f1579aef8b9dcccf4c75
SHA256

60919940ab7d70e0207ae6eb7e1103dd00a8957756261031d1b1d3553dc41cee
SHA512

1b94f762e069f13ae10a65a36fe41f6578c7763c03216e8f629bb49dc950cda7136dea98da205d2e94dbec6a9c0388e282668e4361379be7bd6adf93efbc85a5
SSDEEP

1536:7nrxDussGn4AAejPC7Mp/c+HJgKKWz3p/wBBwi:D6tV0pk+pg6t/EKi

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2392-133-0x0000000000400000-0x0000000000431000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 2392	5112	rundll32.exe	82
PID 5112 wrote to memory of 2392	5112	rundll32.exe	82
PID 5112 wrote to memory of 2392	5112	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\60919940ab7d70e0207ae6eb7e1103dd00a8957756261031d1b1d3553dc41cee.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\60919940ab7d70e0207ae6eb7e1103dd00a8957756261031d1b1d3553dc41cee.dll,#1
  2⤵
  PID:2392

memory/2392-132-0x0000000000000000-mapping.dmp

Download
memory/2392-133-0x0000000000400000-0x0000000000431000-memory.dmp

Filesize
196KB

Download