9684e1e0c2cf253901e00fb2994cc67b2a2835b6db3bd2ecec70e3b6b4bee493

Analysis

max time kernel
118s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:10

Target

9684e1e0c2cf253901e00fb2994cc67b2a2835b6db3bd2ecec70e3b6b4bee493.dll
Size

61KB
MD5

67337052d289b8521b7c3c78aa7380ef
SHA1

40091c9ec54ae7cebfe9d2c6860cd7a7b19992f6
SHA256

9684e1e0c2cf253901e00fb2994cc67b2a2835b6db3bd2ecec70e3b6b4bee493
SHA512

91b13866c8388edf5cc2980e4fc3e57ac1a183e4b46d6df9384376133059fc79ad275dbbf7956eab52f31c9deba5ec2ec6dc46978bad13d74a492e5e50525c36
SSDEEP

768:56IRmOOuI1nRJuU19W06tH4taYBst+ysbHyaDRsup4I1Svi+Iop3yZNSop6ywm:5jRmOWRJzvWSLFyUhv1SIopC7SHzm

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1496-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 1496	3996	rundll32.exe	79
PID 3996 wrote to memory of 1496	3996	rundll32.exe	79
PID 3996 wrote to memory of 1496	3996	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9684e1e0c2cf253901e00fb2994cc67b2a2835b6db3bd2ecec70e3b6b4bee493.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9684e1e0c2cf253901e00fb2994cc67b2a2835b6db3bd2ecec70e3b6b4bee493.dll,#1
  2⤵
  PID:1496

memory/1496-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download