c1e6ce41f79163586ec81b4585381626ced1a3dc561e8c13b3b7c6c054af112a

Analysis

max time kernel
299s
max time network
407s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 08:54

Target

c1e6ce41f79163586ec81b4585381626ced1a3dc561e8c13b3b7c6c054af112a.dll
Size

40KB
MD5

b4e5104863ce94a344f9482fe9f4b820
SHA1

3fa83d0ad469b8e9f474f75750ace6c46559fa00
SHA256

c1e6ce41f79163586ec81b4585381626ced1a3dc561e8c13b3b7c6c054af112a
SHA512

412635f4859d2fce52388ac736c0fe176f2b7baca12a11a8c603860c22474216a6fefff7db8e01b03035d267c8904aa87273dfba5cd8f392ece6b7f9dee6bab3
SSDEEP

768:kK/Yb6iwhl8PXAHV3snbcuyD7UX4jJDL2:3nJHV3snouy8X4tDa

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5012-133-0x00000000701A0000-0x00000000701AB000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 5012	1924	regsvr32.exe	78
PID 1924 wrote to memory of 5012	1924	regsvr32.exe	78
PID 1924 wrote to memory of 5012	1924	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\c1e6ce41f79163586ec81b4585381626ced1a3dc561e8c13b3b7c6c054af112a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\c1e6ce41f79163586ec81b4585381626ced1a3dc561e8c13b3b7c6c054af112a.dll
  2⤵
  PID:5012

memory/5012-133-0x00000000701A0000-0x00000000701AB000-memory.dmp

Filesize
44KB

Download