0cec85644904994365e8baa7a6fc392335664c36caea54b84b716f6b1d71d39e

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 08:55

Target

0cec85644904994365e8baa7a6fc392335664c36caea54b84b716f6b1d71d39e.dll
Size

40KB
MD5

83dc8ebc43531b660ab0a5790021fd00
SHA1

1f1a86590c38d85628b129c55a6d8e046025bacd
SHA256

0cec85644904994365e8baa7a6fc392335664c36caea54b84b716f6b1d71d39e
SHA512

d88c081daa7a2e8e3dc5bcca373ddf049f2882729b380214c4b9ba814975669908c2f4788f1daf32fff9cf4d00cfb4f89dd4623d700a47dc658a22c0df76e4ad
SSDEEP

768:kK/Yb6iwhl8PXAHV3snbcuyD7UX4jJDL5:3nJHV3snouy8X4tDV

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3504-133-0x00000000701A0000-0x00000000701AB000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 3504	4808	regsvr32.exe	79
PID 4808 wrote to memory of 3504	4808	regsvr32.exe	79
PID 4808 wrote to memory of 3504	4808	regsvr32.exe	79

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\0cec85644904994365e8baa7a6fc392335664c36caea54b84b716f6b1d71d39e.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\0cec85644904994365e8baa7a6fc392335664c36caea54b84b716f6b1d71d39e.dll
  2⤵
  PID:3504

memory/3504-133-0x00000000701A0000-0x00000000701AB000-memory.dmp

Filesize
44KB

Download