c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4

Analysis

max time kernel
200s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:29

Target

c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4.dll
Size

51KB
MD5

ed03f2b8d0138ad1f9e828c6ed286a7d
SHA1

f435036f36d076958c506a059197c21fadb3f6ed
SHA256

c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4
SHA512

bf36402faa119a55b2b8b52e3812e168382cd311d47868de75f588b46d1d05f3feea910561cb5aaed322c0abefb1b16b286a34a14b640703c868dc4502ced81f
SSDEEP

768:IykIwePd8g7dHTRW3G/FFMs9ociyZGvCudEnDeJG8KG+swke29/:IykzkagNRW3cMs9oda6GKmP3U9

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4336-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4112 wrote to memory of 4336	4112	rundll32.exe	83
PID 4112 wrote to memory of 4336	4112	rundll32.exe	83
PID 4112 wrote to memory of 4336	4112	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c74a10eb22c1291f91566105b2d1f3810f0115cc3cdd237a23914063973cbce4.dll,#1
  2⤵
  PID:4336

memory/4336-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download