b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 10:18

Target

b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4.dll
Size

139KB
MD5

03f6368f15db4fa0fc4bddba65a9e3c0
SHA1

dfd976984cfdad014301c7ebcf455f48103daa33
SHA256

b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4
SHA512

7e6205b47aa3d761e197b97789d7bf0cbd30544816ba625187f57127570bc9a0114d7dbfbc3dd70cd45f9f23c434c742d390ced437a9e84be9b8d4938862a5d0
SSDEEP

1536:z1Hbo2hEK8S3L5GtEW50n+Sv+fgGIK1rMII4n954M9IYCsQrSt7tcWBJ:z17opK8Shjd+TZnI49zqY117tt

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2008-133-0x0000000074E10000-0x0000000074E37000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 2008	3464	rundll32.exe	79
PID 3464 wrote to memory of 2008	3464	rundll32.exe	79
PID 3464 wrote to memory of 2008	3464	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5fe8cc84db2c8b8aa4bd3dcea9f6648f80723ad2acb08a9512f5a5afb4ad7a4.dll,#1
  2⤵
  PID:2008

memory/2008-133-0x0000000074E10000-0x0000000074E37000-memory.dmp

Filesize
156KB

Download