db6452d5d4b645efae68b2df4704a58416e6da87b4519704a4101a677db658ba

Analysis

max time kernel
155s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 12:11

Target

db6452d5d4b645efae68b2df4704a58416e6da87b4519704a4101a677db658ba.dll
Size

46KB
MD5

22f9bbfa4ec78eea452babd1b38335ac
SHA1

0d1506af5fd963505f0f9dccfdbf0b1a09335760
SHA256

db6452d5d4b645efae68b2df4704a58416e6da87b4519704a4101a677db658ba
SHA512

51008b648811ed801155726addea694bbe37eee5d0282af597bcb58ca59de8d2b7e7507ea2ed6b7a9b3aef37409e12275948771c799a69701a62ff15bf7b4bde
SSDEEP

768:ORUXcO2UH1NtEamD2ZhLAcqTRAoS2Iu7jwCcEVdTPjX740ksTS4Aub:aE2Ut8D2vLGTXSfu73TQqFb

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/308-133-0x0000000010000000-0x000000001002F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4624 wrote to memory of 308	4624	rundll32.exe	81
PID 4624 wrote to memory of 308	4624	rundll32.exe	81
PID 4624 wrote to memory of 308	4624	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db6452d5d4b645efae68b2df4704a58416e6da87b4519704a4101a677db658ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4624
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db6452d5d4b645efae68b2df4704a58416e6da87b4519704a4101a677db658ba.dll,#1
  2⤵
  PID:308

memory/308-133-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download