a092a4e401a37db787fd81deef14aa073d36b25ffb3262de6090403dea443d3b

Analysis

max time kernel
134s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:40

Target

a092a4e401a37db787fd81deef14aa073d36b25ffb3262de6090403dea443d3b.dll
Size

69KB
MD5

c5958ddabe3e59cbefda42e97437653b
SHA1

706ea22e8ac824c7b9632833d8f3c3e2e8872464
SHA256

a092a4e401a37db787fd81deef14aa073d36b25ffb3262de6090403dea443d3b
SHA512

dedc1f5f6c1d66569477a657518cf13ebdb531155778ad35690dbb8efae530c6a16c07f4de5c50e2442a2f4ccbe520a58bae08f17d41603f72568de8bf97f38a
SSDEEP

1536:yl3E0T75e6r8aolP7luZLDT441Fxdl9arJzqofbwt:E39H5X8aolZeLDT4CFpANVwt

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3824-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 3824	5040	rundll32.exe	80
PID 5040 wrote to memory of 3824	5040	rundll32.exe	80
PID 5040 wrote to memory of 3824	5040	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a092a4e401a37db787fd81deef14aa073d36b25ffb3262de6090403dea443d3b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a092a4e401a37db787fd81deef14aa073d36b25ffb3262de6090403dea443d3b.dll,#1
  2⤵
  PID:3824

memory/3824-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download