9b3ad20c8bb7d8dbd56b5cb30d2daea9a43b77915fff34d5f4532ae9d8051251

Analysis

max time kernel
217s
max time network
269s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:59

Target

9b3ad20c8bb7d8dbd56b5cb30d2daea9a43b77915fff34d5f4532ae9d8051251.dll
Size

16KB
MD5

e07c8c7934e20ce681816a6b18b75120
SHA1

6c5f095e0aad9b46508629cd338ea98faf164f80
SHA256

9b3ad20c8bb7d8dbd56b5cb30d2daea9a43b77915fff34d5f4532ae9d8051251
SHA512

31ed0003197c70140872cd33f79b54f7e401a0607f1f97ae1b60be01258c91f8537ca641ca542c8baa6f8087dcab25c0d5745e7e856276b73390785dd1a56481
SSDEEP

384:Eg/9m7f9OzuPlMco4F5hAK8gAEOK4/vGzpSApe:KfAzBco0TAK8dEVSvGzzc

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4912-133-0x0000000010000000-0x000000001000F000-memory.dmp	upx
behavioral2/memory/4912-134-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 4912	2964	rundll32.exe	81
PID 2964 wrote to memory of 4912	2964	rundll32.exe	81
PID 2964 wrote to memory of 4912	2964	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b3ad20c8bb7d8dbd56b5cb30d2daea9a43b77915fff34d5f4532ae9d8051251.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b3ad20c8bb7d8dbd56b5cb30d2daea9a43b77915fff34d5f4532ae9d8051251.dll,#1
  2⤵
  PID:4912

memory/4912-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download
memory/4912-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download