09b343c08ce3b99984106aadc566b55aa10a071572b713402c543aac88fff148

Analysis

max time kernel
155s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 20:44

Target

09b343c08ce3b99984106aadc566b55aa10a071572b713402c543aac88fff148.dll
Size

49KB
MD5

e680253befbcddc871a299e6f9a8d6e0
SHA1

04666726682863c0cc74575a427c22bd2da22d21
SHA256

09b343c08ce3b99984106aadc566b55aa10a071572b713402c543aac88fff148
SHA512

df9a78e242499ef23b3336f8e5cde949a5371ebd64223863942a98ac2669019d53a2ccc08bc86a2180c0783ff8f36c633525a181daa30751d88bb0c2231c3e13
SSDEEP

1536://jJ0qRl+zP0CDAoU6HLZ+b54QhTV3d5jBrKlj93j3:jJ0Sl+zb1UcZIhTVgb3j3

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1444-133-0x0000000010000000-0x000000001004A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 1444	3384	rundll32.exe	84
PID 3384 wrote to memory of 1444	3384	rundll32.exe	84
PID 3384 wrote to memory of 1444	3384	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09b343c08ce3b99984106aadc566b55aa10a071572b713402c543aac88fff148.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\09b343c08ce3b99984106aadc566b55aa10a071572b713402c543aac88fff148.dll,#1
  2⤵
  PID:1444

memory/1444-132-0x0000000000000000-mapping.dmp

Download
memory/1444-133-0x0000000010000000-0x000000001004A000-memory.dmp

Filesize
296KB

Download