99f355d0e81a7cbeb01545a4941e63742a8fc03cb6bd29723dba73974e049ca5

Analysis

max time kernel
153s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 06:22

Target

99f355d0e81a7cbeb01545a4941e63742a8fc03cb6bd29723dba73974e049ca5.dll
Size

520KB
MD5

2ad453f39fd392413da861488136a97f
SHA1

afd4737075eac12e370aba20f17b72ab4fbea9ec
SHA256

99f355d0e81a7cbeb01545a4941e63742a8fc03cb6bd29723dba73974e049ca5
SHA512

24224e750220357172476c24035e7abd4647aebb68b1f5132f1cbfbfcf068f1716103a05824a378ab59f4bb3de201745ab8bd6748ac2e08200cdda33e499ae87
SSDEEP

12288:sVLeBzyLW736WmN465sHFlz6oglEss4uDs:zAWDm46mHfz6v3fuDs

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4380-133-0x0000000010000000-0x000000001010B000-memory.dmp	upx
behavioral2/memory/4380-134-0x0000000010000000-0x000000001010B000-memory.dmp	upx
behavioral2/memory/4380-136-0x0000000010000000-0x000000001010B000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4380	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 4380	4300	rundll32.exe	83
PID 4300 wrote to memory of 4380	4300	rundll32.exe	83
PID 4300 wrote to memory of 4380	4300	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99f355d0e81a7cbeb01545a4941e63742a8fc03cb6bd29723dba73974e049ca5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99f355d0e81a7cbeb01545a4941e63742a8fc03cb6bd29723dba73974e049ca5.dll,#1
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4380

memory/4380-133-0x0000000010000000-0x000000001010B000-memory.dmp

Filesize
1.0MB

Download
memory/4380-134-0x0000000010000000-0x000000001010B000-memory.dmp

Filesize
1.0MB

Download
memory/4380-136-0x0000000010000000-0x000000001010B000-memory.dmp

Filesize
1.0MB

Download