cc7635ef3555779f4cf0bb1a0f9b6a4fdcd7f0dfb71e62f9b3e187c61ec515c9

Analysis

max time kernel
188s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:34

Target

cc7635ef3555779f4cf0bb1a0f9b6a4fdcd7f0dfb71e62f9b3e187c61ec515c9.dll
Size

49KB
MD5

0c1eb834c1dc8c97225775c35561340c
SHA1

69038aa2f3b252b4c66da97925fd6993d40624f1
SHA256

cc7635ef3555779f4cf0bb1a0f9b6a4fdcd7f0dfb71e62f9b3e187c61ec515c9
SHA512

3ca450562589d7c1c85b699b9e16ea01d004c51c22e3a06ca57a1a3dbd556579f496d3a6871fa96ccabbf3343c58cd3aff82bbe5db3a588bd6dc55f78f60d102
SSDEEP

768:h8WTpVT0X8zbU4NgrS6lDPV3CLZ53PzkwuX2utiPaY208x/JbyeXpRKy19aU/4Z+:RVlIOLZ53PzkmD2dx/4eXd1EUOS5

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1936-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 908 wrote to memory of 1936	908	rundll32.exe	83
PID 908 wrote to memory of 1936	908	rundll32.exe	83
PID 908 wrote to memory of 1936	908	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc7635ef3555779f4cf0bb1a0f9b6a4fdcd7f0dfb71e62f9b3e187c61ec515c9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc7635ef3555779f4cf0bb1a0f9b6a4fdcd7f0dfb71e62f9b3e187c61ec515c9.dll,#1
  2⤵
  PID:1936

memory/1936-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download