6a22c648492e0b972e1c809f1b4aee5229a664e130097a7399efb074df2725c2

Analysis

max time kernel
203s
max time network
210s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 03:39

Target

6a22c648492e0b972e1c809f1b4aee5229a664e130097a7399efb074df2725c2.dll
Size

464KB
MD5

6f088e3ebaacd4ffc078cf19e643aee0
SHA1

f38d02e58246caec41ec6c86a335b5e22608b918
SHA256

6a22c648492e0b972e1c809f1b4aee5229a664e130097a7399efb074df2725c2
SHA512

e1ac17fc314d18fa5f764cafbcacf7429e3ca2e63fee4ee93f8b5d2c23dc2e8d946561c083c50e66507382b3b24b4513b15fada8b89629865ac6fe66069e8fe9
SSDEEP

6144:mekAYkG7dzJbl2+o94Nb/CjmJqhBNdafMOu2IyuPeC6jyffgTNzExh:2kGpzhl21+Nb/taBgLP7umCfgT1O

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2432-133-0x0000000000C20000-0x0000000000C2E000-memory.dmp	upx
behavioral2/memory/2432-136-0x0000000000C20000-0x0000000000C2E000-memory.dmp	upx
behavioral2/memory/2432-137-0x0000000000C20000-0x0000000000C2E000-memory.dmp	upx
behavioral2/memory/2432-138-0x0000000000C20000-0x0000000000C2E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 444 wrote to memory of 2432	444	rundll32.exe	78
PID 444 wrote to memory of 2432	444	rundll32.exe	78
PID 444 wrote to memory of 2432	444	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a22c648492e0b972e1c809f1b4aee5229a664e130097a7399efb074df2725c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a22c648492e0b972e1c809f1b4aee5229a664e130097a7399efb074df2725c2.dll,#1
  2⤵
  PID:2432

memory/2432-133-0x0000000000C20000-0x0000000000C2E000-memory.dmp

Filesize
56KB

Download
memory/2432-136-0x0000000000C20000-0x0000000000C2E000-memory.dmp

Filesize
56KB

Download
memory/2432-137-0x0000000000C20000-0x0000000000C2E000-memory.dmp

Filesize
56KB

Download
memory/2432-138-0x0000000000C20000-0x0000000000C2E000-memory.dmp

Filesize
56KB

Download
memory/2432-139-0x0000000000C27000-0x0000000000C2D000-memory.dmp

Filesize
24KB

Download
memory/2432-140-0x0000000000C21000-0x0000000000C27000-memory.dmp

Filesize
24KB

Download