84d91659286ba5fa2fbc485842f30ad824e97dac12632f95ad632935560459bd

Analysis

max time kernel
219s
max time network
249s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:42

Target

84d91659286ba5fa2fbc485842f30ad824e97dac12632f95ad632935560459bd.dll
Size

75KB
MD5

fdddb5167e36f455094c51f1788b8019
SHA1

aebb3e15f5059c3a175fb4ed08bea105692b08f9
SHA256

84d91659286ba5fa2fbc485842f30ad824e97dac12632f95ad632935560459bd
SHA512

f3c8c54e8ab5a814c8989a3b2dd35b6320dd1a05869112648d56d2375287676782c278a50fd297f86d9d8305d8a6f02c7a01156dbfbadab4373424ab1d2e8fee
SSDEEP

1536:jZIcCxRvc1P+6lGSRMeaSHqfZrpe6f92opvlEJiC/WqvksQvk:x+tc/lGSRMecZrpe6fLllk3/xvJQc

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2436-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 2436	4424	rundll32.exe	81
PID 4424 wrote to memory of 2436	4424	rundll32.exe	81
PID 4424 wrote to memory of 2436	4424	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84d91659286ba5fa2fbc485842f30ad824e97dac12632f95ad632935560459bd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\84d91659286ba5fa2fbc485842f30ad824e97dac12632f95ad632935560459bd.dll,#1
  2⤵
  PID:2436

memory/2436-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download