bcd05c60694e9d659ce92e6d08bcbd81c455b99071cbea36345072140fc6abdb

Analysis

max time kernel
92s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 23:26

Target

bcd05c60694e9d659ce92e6d08bcbd81c455b99071cbea36345072140fc6abdb.dll
Size

479KB
MD5

90424ef9fbe2da629971e050856c50f0
SHA1

0672681bd268110dcca88c569deefede49afc78f
SHA256

bcd05c60694e9d659ce92e6d08bcbd81c455b99071cbea36345072140fc6abdb
SHA512

cf758b63df2152bda95061f134d25109f49e87fd7c446105092e7e26f6e926805a29314c7074aa4dcf27bb215e1ae2acc7cffd305a0702395325d56eff836acd
SSDEEP

12288:LQE7rYEYfAiS6K6lQCYZ9XaRxFYa0WC9FO:JHKfAV6K62CYZ90EalY

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4984-133-0x0000000000400000-0x000000000047A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 4984	5036	rundll32.exe	81
PID 5036 wrote to memory of 4984	5036	rundll32.exe	81
PID 5036 wrote to memory of 4984	5036	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcd05c60694e9d659ce92e6d08bcbd81c455b99071cbea36345072140fc6abdb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcd05c60694e9d659ce92e6d08bcbd81c455b99071cbea36345072140fc6abdb.dll,#1
  2⤵
  PID:4984

memory/4984-133-0x0000000000400000-0x000000000047A000-memory.dmp

Filesize
488KB

Download