0a52842599a56fb57f74648c072d270b11ea15b26fb405a00fa16afa9acd854e

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:39

Target

0a52842599a56fb57f74648c072d270b11ea15b26fb405a00fa16afa9acd854e.dll
Size

66KB
MD5

edbbe5953f89ed7515617049bd6c7f80
SHA1

92af821e6915234bfb9b279c555761ab76c4da80
SHA256

0a52842599a56fb57f74648c072d270b11ea15b26fb405a00fa16afa9acd854e
SHA512

a4fed9b58cd02e6db39be8da8175b3b6f93a9b8d7cf6557508fa0d925c1a697970754d156125d867ee2ef4dc1324134f27f8efc870e4858cfe05de81d608ac33
SSDEEP

1536:nmuc0YvfEp31fAHamDxjJN4tXv8XlnlYT7UBUr2ze:zB8fQ3SBDxJNOvwSme

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1184-133-0x0000000010000000-0x0000000010052000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 1184	4800	rundll32.exe	82
PID 4800 wrote to memory of 1184	4800	rundll32.exe	82
PID 4800 wrote to memory of 1184	4800	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a52842599a56fb57f74648c072d270b11ea15b26fb405a00fa16afa9acd854e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0a52842599a56fb57f74648c072d270b11ea15b26fb405a00fa16afa9acd854e.dll,#1
  2⤵
  PID:1184

memory/1184-133-0x0000000010000000-0x0000000010052000-memory.dmp

Filesize
328KB

Download