a00e257663a84eae4f9e466cee771018c691e00374d02c1ab9d51e17e589147f

Analysis

max time kernel
188s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:40

Target

a00e257663a84eae4f9e466cee771018c691e00374d02c1ab9d51e17e589147f.dll
Size

60KB
MD5

680379a78d6d360f86737ed768b8f26b
SHA1

4ba311201f74385564c58ce9212cfaee4c619b23
SHA256

a00e257663a84eae4f9e466cee771018c691e00374d02c1ab9d51e17e589147f
SHA512

6efa43223cb01ffae744caed55190eeeb1bb69ad4c617e5d73e247e2bed47a2273484f4b32bb09dd848f6059a75f749c27abfe2de2e98c351b61df667d3c2369
SSDEEP

1536:VZIcCxR8Pe4Cv2gQZnMwWg3GQLYhhXnbh:r+WG4Cv2gQC1gWQMhdl

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1536-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4208 wrote to memory of 1536	4208	rundll32.exe	82
PID 4208 wrote to memory of 1536	4208	rundll32.exe	82
PID 4208 wrote to memory of 1536	4208	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a00e257663a84eae4f9e466cee771018c691e00374d02c1ab9d51e17e589147f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a00e257663a84eae4f9e466cee771018c691e00374d02c1ab9d51e17e589147f.dll,#1
  2⤵
  PID:1536

memory/1536-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download