7b8fc8a5da1ea477f807e7d353082cb63ce51b9d3eb4d7d37d19c1a391383300

Analysis

max time kernel
297s
max time network
401s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:39

Target

7b8fc8a5da1ea477f807e7d353082cb63ce51b9d3eb4d7d37d19c1a391383300.dll
Size

327KB
MD5

ed2771cb31d07a83bf0dd30a63ba2d20
SHA1

4159eeede9e0c0332d4a89bdef16fb1ded548a9a
SHA256

7b8fc8a5da1ea477f807e7d353082cb63ce51b9d3eb4d7d37d19c1a391383300
SHA512

f499f5037a691cde71aab52421c1e4f5cac1a8ff6c0d55950a111a0f2904ce7780050cd69f248988a957e55dbb7bb26b8d732e847a4e50722a1a708c29452e77
SSDEEP

3072:54XA3u+0uwCgiWLdiSh8SH62v5igQFEp:54Xe4ibYdr2d2vA4

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4840-133-0x0000000010000000-0x0000000010054000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3772 wrote to memory of 4840	3772	rundll32.exe	77
PID 3772 wrote to memory of 4840	3772	rundll32.exe	77
PID 3772 wrote to memory of 4840	3772	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b8fc8a5da1ea477f807e7d353082cb63ce51b9d3eb4d7d37d19c1a391383300.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7b8fc8a5da1ea477f807e7d353082cb63ce51b9d3eb4d7d37d19c1a391383300.dll,#1
  2⤵
  PID:4840

memory/4840-133-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download