954b4067cd85c844fcfc78b973e95bdd46bdf4d4ca8c196a5edd482924db0ed7

Analysis

max time kernel
162s
max time network
193s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 08:54

Target

954b4067cd85c844fcfc78b973e95bdd46bdf4d4ca8c196a5edd482924db0ed7.dll
Size

40KB
MD5

be125c2263b33a7399e8838be837a630
SHA1

a631294f6db4cdde5fececf142273f32a58a09af
SHA256

954b4067cd85c844fcfc78b973e95bdd46bdf4d4ca8c196a5edd482924db0ed7
SHA512

4a23f22333fcd78a72ffde87f8d0260874191ca5261233de5e455d93e6484226325e116535f41f0f82f90d8ea24ef115efcb1561e2f15d93c83f0dfa8b6147a8
SSDEEP

768:kK/Yb6iwhl8PXAHV3snbcuyD7UX4jJDLa:3nJHV3snouy8X4tDG

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1120-133-0x00000000701A0000-0x00000000701AB000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 1120	3052	regsvr32.exe	78
PID 3052 wrote to memory of 1120	3052	regsvr32.exe	78
PID 3052 wrote to memory of 1120	3052	regsvr32.exe	78

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\954b4067cd85c844fcfc78b973e95bdd46bdf4d4ca8c196a5edd482924db0ed7.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\954b4067cd85c844fcfc78b973e95bdd46bdf4d4ca8c196a5edd482924db0ed7.dll
  2⤵
  PID:1120

memory/1120-133-0x00000000701A0000-0x00000000701AB000-memory.dmp

Filesize
44KB

Download