4e8d882c2339cc445dbca98615ba16de4d902f889953703e56307133fdf87aca

Analysis

max time kernel
91s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 20:37

Target

4e8d882c2339cc445dbca98615ba16de4d902f889953703e56307133fdf87aca.dll
Size

310KB
MD5

a219834d1cbb37b3b5e9f385277886e0
SHA1

19704ae4ae89d11cf46535e8efcc9efdb6efb2db
SHA256

4e8d882c2339cc445dbca98615ba16de4d902f889953703e56307133fdf87aca
SHA512

fa98d4a2e3f3726de58ff3320dc2a5b38827468890bbf8b3c64ad979026cf51a2ccfed2cc590aae2fb6d4c6b5aa18283b7f808c5ceaebb97f5115a98ab3241af
SSDEEP

3072:M+Jq4hIOAbbvTJW5QRdrw8IsGv79iWXP:M+Jqaik5QRBwJvE

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/992-133-0x0000000010000000-0x0000000010050000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 992	4572	rundll32.exe	81
PID 4572 wrote to memory of 992	4572	rundll32.exe	81
PID 4572 wrote to memory of 992	4572	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e8d882c2339cc445dbca98615ba16de4d902f889953703e56307133fdf87aca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e8d882c2339cc445dbca98615ba16de4d902f889953703e56307133fdf87aca.dll,#1
  2⤵
  PID:992

memory/992-132-0x0000000000000000-mapping.dmp

Download
memory/992-133-0x0000000010000000-0x0000000010050000-memory.dmp

Filesize
320KB

Download