389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 19:25

Target

389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d.dll
Size

52KB
MD5

7326ec26804cb9449f5d96300d64edc0
SHA1

779ce0a9a79a28c6ff415ff958527c48487ea808
SHA256

389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d
SHA512

2ee51fc7dec68cd7dc8fe2e6d9e5046580db6e8a392f21d924dffd0e55ba5360003b5df93f5db2c79496f3819ea34dc66d839c3220ab90e4a13bf913ab9ce2f6
SSDEEP

768:z3OHS8KOzHittwZnfX1QpulrjoM9BC9uLbOJ28+xDD/IDaoJnEAL2WNN8naxkKnT:yHZD6twypuxP9vp8+pD2AxWN2afZVV1

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4284-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 4284	5044	rundll32.exe	82
PID 5044 wrote to memory of 4284	5044	rundll32.exe	82
PID 5044 wrote to memory of 4284	5044	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\389df0cfdb005ab1beeb716c95919d88d1b960b509cd67a97ee9da378edea83d.dll,#1
  2⤵
  PID:4284

memory/4284-132-0x0000000000000000-mapping.dmp

Download
memory/4284-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download