3705bdfef6a60ccbd139dab93257de30cd7b2a61dee9c0e81dda2b994093c9d0

Analysis

max time kernel
272s
max time network
296s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 05:08

Target

3705bdfef6a60ccbd139dab93257de30cd7b2a61dee9c0e81dda2b994093c9d0.dll
Size

55KB
MD5

f4e919257fbb920bbf855f3750b33bb0
SHA1

a691ed8c1e1f915c1b031c05c1703a1c7160a298
SHA256

3705bdfef6a60ccbd139dab93257de30cd7b2a61dee9c0e81dda2b994093c9d0
SHA512

60396ab6abb6f784e808ecffd527c9f881d65d1d02913e15f01709a4f7ffd109a8a5cdb80f77d6dc6e12642096c3dee3852b58a33abc405e14534cb2cd284721
SSDEEP

768:9xBtKtqyLURMU+reypDeLDyk3g0ezkkkzEXu3nAwjVQdIFMo4w+gVVwbI4j:9TkpaLD1gvbNaVDj4w+gsIw

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3720-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3160 wrote to memory of 3720	3160	rundll32.exe	79
PID 3160 wrote to memory of 3720	3160	rundll32.exe	79
PID 3160 wrote to memory of 3720	3160	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3705bdfef6a60ccbd139dab93257de30cd7b2a61dee9c0e81dda2b994093c9d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3705bdfef6a60ccbd139dab93257de30cd7b2a61dee9c0e81dda2b994093c9d0.dll,#1
  2⤵
  PID:3720

memory/3720-132-0x0000000000000000-mapping.dmp

Download
memory/3720-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download