eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a

Analysis

max time kernel
240s
max time network
260s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 11:16

Target

eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll
Size

16KB
MD5

bb60cb1009b0795a1066eeebe1dc00e0
SHA1

0ac5608cdfc542869cb48a151c201e65e1b1c7e0
SHA256

eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a
SHA512

61dcf15c5fb686969bd1cf054031eff58bb685ed0ef0e70209a77a27978c4ff02e1197a7a8a252daa7cdefafb77b6852a08bbadc3012fab08c0fb8e676a8c016
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSAps:KfAzBco0TAK8dEVSvGzzW

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2140-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/2140-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2140	1656	rundll32.exe	80
PID 1656 wrote to memory of 2140	1656	rundll32.exe	80
PID 1656 wrote to memory of 2140	1656	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eac1b9a43607c887e53cc73295d158403ebf909f0e737127fa070c88fb727e5a.dll,#1
  2⤵
  PID:2140

memory/2140-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/2140-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download