9923757b07b776f3883f6b2584965b9b3280c3cd26a5623dd43a3e9a6e04bda2

Analysis

max time kernel
158s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:35

Target

9923757b07b776f3883f6b2584965b9b3280c3cd26a5623dd43a3e9a6e04bda2.dll
Size

12KB
MD5

abce6b18a1bb6e63fd339086fb28ffa7
SHA1

9608c6530da4d4c1a4ef994f13e5d2f530f6050e
SHA256

9923757b07b776f3883f6b2584965b9b3280c3cd26a5623dd43a3e9a6e04bda2
SHA512

6c38e5b27d4e0fb65abf800d4b0ba3eb4534ec4864c3ebf079ce5d75b3e444e30ab3b38feaf03b9347bbc7cf2aa69f44b4c5fee85d2d462267ff23011945d9c8
SSDEEP

192:6f9k6DNba7ukdskU0dZljI2YjWqDLRxFsdpgH/zxQFcQp4xKtXarWwNWa:xdsXOl82YjWoLTFTf6c+RyWwNW

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1752-133-0x0000000010000000-0x000000001000B000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 1752	1568	rundll32.exe	83
PID 1568 wrote to memory of 1752	1568	rundll32.exe	83
PID 1568 wrote to memory of 1752	1568	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9923757b07b776f3883f6b2584965b9b3280c3cd26a5623dd43a3e9a6e04bda2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9923757b07b776f3883f6b2584965b9b3280c3cd26a5623dd43a3e9a6e04bda2.dll,#1
  2⤵
  PID:1752

memory/1752-133-0x0000000010000000-0x000000001000B000-memory.dmp

Filesize
44KB

Download