7608ea6bbd387062cf215d92dc6dc61723a3e01adea7b87e4b661fb89837e998

Analysis

max time kernel
179s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:14

Target

7608ea6bbd387062cf215d92dc6dc61723a3e01adea7b87e4b661fb89837e998.dll
Size

61KB
MD5

372f727670411d72d3046cf97c947f2d
SHA1

79f925da9f8ddbc2aad9bde03048f0969da941c7
SHA256

7608ea6bbd387062cf215d92dc6dc61723a3e01adea7b87e4b661fb89837e998
SHA512

db381fe9a6e50cf77ddb2696f9a555b4fd0a1dc1c0664b8bde364f51e113a2239b11b4d5788ce07fc9d2492c50c4f16e84ce4bb124aaa4f8d69dad8ea11e0c29
SSDEEP

1536:Bm1NGJVGe7NZTCf4wSY5WrrscSA19YbYR+yDcf:kX0VnrTCf4wKrfSKYQcf

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4368-133-0x0000000010000000-0x0000000010013000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 4368	4364	rundll32.exe	81
PID 4364 wrote to memory of 4368	4364	rundll32.exe	81
PID 4364 wrote to memory of 4368	4364	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7608ea6bbd387062cf215d92dc6dc61723a3e01adea7b87e4b661fb89837e998.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7608ea6bbd387062cf215d92dc6dc61723a3e01adea7b87e4b661fb89837e998.dll,#1
  2⤵
  PID:4368

memory/4368-133-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download