cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805

Analysis

max time kernel
165s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:45

Target

cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805.dll
Size

17KB
MD5

fe42d44353f466ca5fc62c8b33dd7850
SHA1

059eb506501ebf7bd80446d798941b44ac609607
SHA256

cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805
SHA512

37537e85d09cc0d901cefbfd6d40ed0c9efce4cceaff5cf5a0d3903515b55e7f577c3e391dc6ba04592d98f8eafe6b1e822825abbb4f75cc73ae99bdc0290fca
SSDEEP

384:gVwJJQxytV3h7r8Hht9AqhFNeyh2/6hDgZC+/8vCYgBzWx5V4:lQxsR7rw/mqhF8/6lgZr/8vxn5V4

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2612-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 2612	2740	rundll32.exe	81
PID 2740 wrote to memory of 2612	2740	rundll32.exe	81
PID 2740 wrote to memory of 2612	2740	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cc8d888c0ff0cfb183f3d690dc379891d824f847ec0a7a47a2424d8353594805.dll,#1
  2⤵
  PID:2612

memory/2612-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download