6a9201833a800e3cb381f81e50a2eee3236026026004968f0d250f59a78f8d55

Analysis

max time kernel
13s
max time network
17s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:21

Target

6a9201833a800e3cb381f81e50a2eee3236026026004968f0d250f59a78f8d55.dll
Size

71KB
MD5

41d995c080d5afbc0901503b7f568667
SHA1

780a6c7b0be6579a11e09d2128c79dfd31a9c496
SHA256

6a9201833a800e3cb381f81e50a2eee3236026026004968f0d250f59a78f8d55
SHA512

82895df5ba8cd7605fdfc641c5dde33aea262db6928fb81dfb8eed5b7b6989f9797572b789383769767e105e7e13360cb0bcf86d5246be1a2a00d2e4891ecb7e
SSDEEP

1536:4IoC5VxRhg5Sj9tZsN22hcxcwN0rSOqedzYaPiZ8z:fokVxRh7t49StCeOqedHz

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2196-133-0x0000000010000000-0x0000000010663000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76
PID 2732 wrote to memory of 2196	2732	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a9201833a800e3cb381f81e50a2eee3236026026004968f0d250f59a78f8d55.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6a9201833a800e3cb381f81e50a2eee3236026026004968f0d250f59a78f8d55.dll,#1
  2⤵
  PID:2196

memory/2196-133-0x0000000010000000-0x0000000010663000-memory.dmp

Filesize
6.4MB

Download