a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791

Analysis

max time kernel
95s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 09:53

Target

a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791.dll
Size

66KB
MD5

67684dd5d89742b98bb40039e5845b30
SHA1

b176bcf8b25c52404a4a7faac825fa1d931a8be6
SHA256

a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791
SHA512

e52328ac76a3999070e18102727cd9dda9580a91fb7a5e5facb3ceed30d11e5de334271a36798d5fa296aaab977446b2c519d40ebc164de4933e45cc3abcd23d
SSDEEP

1536:MhBRVgrExucMx3Ad5dY5BGInXEodvV3/Aiioqw4Ku3/DlIC:cRRsgDdY5BGI0odt3/LLu3/Dl1

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1236-133-0x0000000010000000-0x0000000010017000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1236	2292	rundll32.exe	80
PID 2292 wrote to memory of 1236	2292	rundll32.exe	80
PID 2292 wrote to memory of 1236	2292	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a6f22d09ddcb47f136acb279046adeb6c8dd1266f74a801d7792058d99e90791.dll,#1
  2⤵
  PID:1236

memory/1236-133-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download