f75fb463c17d70d2bf25bcd0635c9aa2b0913d861d4b0058d04e6b8793e2d156

Analysis

max time kernel
200s
max time network
219s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 19:21

Target

f75fb463c17d70d2bf25bcd0635c9aa2b0913d861d4b0058d04e6b8793e2d156.dll
Size

59KB
MD5

6b0be2ee779fe7ce46f7df9f8e5204e0
SHA1

3cef4aeb47350a494104296852dbfe01ab27d494
SHA256

f75fb463c17d70d2bf25bcd0635c9aa2b0913d861d4b0058d04e6b8793e2d156
SHA512

0ea971ccd776c7f8dd9e76411b88eb4cb91ee35e3b35504b17e2e641e2bc7b6f8810f9ce61c0ccf62ed4fb2bb85a81f148e070754637ed893c0c778bb5f5b725
SSDEEP

768:4X07tGPXE5WnLiQ9jFwfzSVgPJjc1NQDeS1x/IX92E/Lzh2AFeqK1bPRQL3K4N7/:4sKXERf6gPENQvGN2aJ2AwQLf37

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1072-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1060 wrote to memory of 1072	1060	rundll32.exe	83
PID 1060 wrote to memory of 1072	1060	rundll32.exe	83
PID 1060 wrote to memory of 1072	1060	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f75fb463c17d70d2bf25bcd0635c9aa2b0913d861d4b0058d04e6b8793e2d156.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f75fb463c17d70d2bf25bcd0635c9aa2b0913d861d4b0058d04e6b8793e2d156.dll,#1
  2⤵
  PID:1072

memory/1072-132-0x0000000000000000-mapping.dmp

Download
memory/1072-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download