a3e5f931ed37df0f54573422aff44f7b07bfc435776a57bf7c21cd876d90e0c1

Analysis

max time kernel
152s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 08:54

Target

a3e5f931ed37df0f54573422aff44f7b07bfc435776a57bf7c21cd876d90e0c1.dll
Size

40KB
MD5

4314307e2231223a0bd499d3f9670a90
SHA1

3db5d989ec94c171861a628f25bb7e785033d850
SHA256

a3e5f931ed37df0f54573422aff44f7b07bfc435776a57bf7c21cd876d90e0c1
SHA512

80276631171e42487469261b3cb178f3b5e58361fbc995b2026702c279de29bbce436c31cd9a87da803d2d457e5939dd31e8f1ffec6258dba59f51d06c0fe056
SSDEEP

768:kK/Yb6iwhl8PXAHV3snbcuyD7UX4jJDLD:3nJHV3snouy8X4tD/

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3004-133-0x00000000701A0000-0x00000000701AB000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 3004	4896	regsvr32.exe	79
PID 4896 wrote to memory of 3004	4896	regsvr32.exe	79
PID 4896 wrote to memory of 3004	4896	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a3e5f931ed37df0f54573422aff44f7b07bfc435776a57bf7c21cd876d90e0c1.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a3e5f931ed37df0f54573422aff44f7b07bfc435776a57bf7c21cd876d90e0c1.dll
  2⤵
  PID:3004

memory/3004-133-0x00000000701A0000-0x00000000701AB000-memory.dmp

Filesize
44KB

Download