39af536b60754423adff4b3a6158138f8f9bfdaf68461e8e8ae790eb9512ee60

Analysis

max time kernel
180s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:03

Target

39af536b60754423adff4b3a6158138f8f9bfdaf68461e8e8ae790eb9512ee60.dll
Size

701KB
MD5

37e927d1822f3754edf93669ba2b96c0
SHA1

0cbff93be9f7a11781d4e71fb8520168b481338b
SHA256

39af536b60754423adff4b3a6158138f8f9bfdaf68461e8e8ae790eb9512ee60
SHA512

56e432d997e0e59692ff154197a8eb330a00d2873f5f1b7e8f73675ca341f569f311e3ad5f9589b714929042c495849b34b3c2d74df9c589a6ed517e1e199ac2
SSDEEP

12288:IiTAZSaeC0bAKAWwmgFVPreOeM2WmQw3jKX8/PKXB:xTdQcAKAW3UrefM2WmQIsgK

Score

8^/10

upx

Blocklisted process makes network request 64 IoCs

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4820-133-0x0000000000400000-0x00000000004B1000-memory.dmp	upx
behavioral2/memory/4820-134-0x0000000000400000-0x00000000004B1000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 4820	2032	rundll32.exe	81
PID 2032 wrote to memory of 4820	2032	rundll32.exe	81
PID 2032 wrote to memory of 4820	2032	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\39af536b60754423adff4b3a6158138f8f9bfdaf68461e8e8ae790eb9512ee60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\39af536b60754423adff4b3a6158138f8f9bfdaf68461e8e8ae790eb9512ee60.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:4820

memory/4820-133-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download
memory/4820-134-0x0000000000400000-0x00000000004B1000-memory.dmp

Filesize
708KB

Download