071d9cb27b4ea176d0e595fcfe743df2128d6e87b1def89385e58e6391e7e53a

Analysis

max time kernel
146s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:36

Target

071d9cb27b4ea176d0e595fcfe743df2128d6e87b1def89385e58e6391e7e53a.dll
Size

72KB
MD5

ee45033517d157d02c91411ffd6d61b0
SHA1

2149dbf92dea0faa34a09f0e2b6d59f4dc5ed22b
SHA256

071d9cb27b4ea176d0e595fcfe743df2128d6e87b1def89385e58e6391e7e53a
SHA512

10a2b52183580eb338dc41df1902bcdeef352c08aee44a273c4748074ef3ce0226217ae47311fa1525cbeb76cc115c69b7a82496588e194d3d53c2b22ff9c2c0
SSDEEP

1536:QXP/lFULIK+XMH1VNOykHjBoTcRNdrkT03plqTVXa4j:8PnaVunHjBoURFpkhK4j

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/816-133-0x0000000010000000-0x000000001005E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 816	1472	rundll32.exe	82
PID 1472 wrote to memory of 816	1472	rundll32.exe	82
PID 1472 wrote to memory of 816	1472	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\071d9cb27b4ea176d0e595fcfe743df2128d6e87b1def89385e58e6391e7e53a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\071d9cb27b4ea176d0e595fcfe743df2128d6e87b1def89385e58e6391e7e53a.dll,#1
  2⤵
  PID:816

memory/816-133-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download