Overview

overview

8

Static

static

c6ba44af70...93.dll

windows7-x64

8

c6ba44af70...93.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    159s
  • max time network
    194s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/12/2022, 06:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93.dll

  • Size

    62KB

  • MD5

    b3ae737c13fdcfb0ba51ad62e9110950

  • SHA1

    20e6c0f741edf3089ac5eb0b3ac3d9ca2a78470e

  • SHA256

    c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93

  • SHA512

    0abf799cb757eee3328b506950c4a7a5237641e57ea79bc6a0468f2cbeffa7caeac69c2c0c69f65d0305b7f568ab911ce761f223a9cecd09afc817d922ea81cb

  • SSDEEP

    1536:Fresl3oLo8IfhocEKp/nUCR7p153/j8DZ:PlQahoctUe735b8DZ

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2052
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\c6ba44af70cc7af3edbb47bf28114bfccd21aa83cb65a033831d91d857a0cc93.dll,#1
      2⤵
        PID:4804

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4804-137-0x00000000009B0000-0x00000000009BE000-memory.dmp

            Filesize

            56KB

            Download

          • memory/4804-136-0x00000000009B0000-0x00000000009BE000-memory.dmp

            Filesize

            56KB

            Download

          • memory/4804-133-0x00000000009B0000-0x00000000009BE000-memory.dmp

            Filesize

            56KB

            Download

          • memory/4804-138-0x0000000000860000-0x0000000000866000-memory.dmp

            Filesize

            24KB

            Download

          • memory/4804-139-0x00000000009B7000-0x00000000009BD000-memory.dmp

            Filesize

            24KB

            Download

          • memory/4804-140-0x00000000009B1000-0x00000000009B7000-memory.dmp

            Filesize

            24KB

            Download