59db0290cacb62dfbc1a7cdd25f877c3dfbbb0b8a8af881aafa232e2e38a77fc

Analysis

max time kernel
112s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:34

Target

59db0290cacb62dfbc1a7cdd25f877c3dfbbb0b8a8af881aafa232e2e38a77fc.dll
Size

59KB
MD5

51dc4c717ae46d6128ab8314105ebc90
SHA1

40d0ef7e060ccf0d965b75cd0d5aecfda5d8683e
SHA256

59db0290cacb62dfbc1a7cdd25f877c3dfbbb0b8a8af881aafa232e2e38a77fc
SHA512

77d42b07e3c2d8ba231e3da11e7ff4f21f25df1e02673adbc257f5596cb68dd2a28d57f86787938af474da5ca7a93d35adfcd2572f3642b590b45660e6060c8c
SSDEEP

1536:V8O9Nn6RjriTvVgHpwWtiRYM3Drple3lHW1tOmnMu+3:2Oz6VWobiRrle3lHW1Q/3

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1224-133-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 904 wrote to memory of 1224	904	rundll32.exe	79
PID 904 wrote to memory of 1224	904	rundll32.exe	79
PID 904 wrote to memory of 1224	904	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59db0290cacb62dfbc1a7cdd25f877c3dfbbb0b8a8af881aafa232e2e38a77fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59db0290cacb62dfbc1a7cdd25f877c3dfbbb0b8a8af881aafa232e2e38a77fc.dll,#1
  2⤵
  PID:1224

memory/1224-133-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download