c8b6d2a3cad08fd547bd6e91eb074f3d75f7154b7b0f251d329f3e4a9a1166dc

Analysis

max time kernel
254s
max time network
269s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:25

Target

c8b6d2a3cad08fd547bd6e91eb074f3d75f7154b7b0f251d329f3e4a9a1166dc.dll
Size

64KB
MD5

66e2f1d90f377e9c54410376a0bab50c
SHA1

00f5b98c93142c33a8b192c17634ab50e3a85f4e
SHA256

c8b6d2a3cad08fd547bd6e91eb074f3d75f7154b7b0f251d329f3e4a9a1166dc
SHA512

f54188d3bb7c456f10f1a69fbf42a2b240ecd6aa0e37b1148fa3984264ab659dc96741e5c9520205371934f3979827a1e166c49287ac8e760ff4b256c29930e7
SSDEEP

1536:mPO6KEVbsVP0gxV4KNKSKF3E8hoS+m9AtldagyKaeb:cMEVbsVcAT0F3XhAm9g2gZaeb

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1516-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 1516	4284	rundll32.exe	78
PID 4284 wrote to memory of 1516	4284	rundll32.exe	78
PID 4284 wrote to memory of 1516	4284	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8b6d2a3cad08fd547bd6e91eb074f3d75f7154b7b0f251d329f3e4a9a1166dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8b6d2a3cad08fd547bd6e91eb074f3d75f7154b7b0f251d329f3e4a9a1166dc.dll,#1
  2⤵
  PID:1516

memory/1516-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download