990ac3de67ed262e6ccb8b83a4c4b0f6517e7797f19fb35b044457b30a2f9416

Analysis

max time kernel
166s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:36

Target

990ac3de67ed262e6ccb8b83a4c4b0f6517e7797f19fb35b044457b30a2f9416.dll
Size

249KB
MD5

57405576a2b97a9a81535f3338dccf1d
SHA1

bba0aaeb68183dd6a9f10eff2416f6ccdaf99937
SHA256

990ac3de67ed262e6ccb8b83a4c4b0f6517e7797f19fb35b044457b30a2f9416
SHA512

480b278d7f09c5c446b84c5604b209c0f371d1eef4e0335a963b46ad3d1f69ffe612e88e216e671bc783df4ae823ec88211e45e1fe51625d175eccc68a35ade4
SSDEEP

6144:QDS+KwKJq2bO1hazUrAgJ86V0cC/WryTTHtBZp8:QDfYJYhTVfaP+yjZS

Score

8^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/5028-136-0x0000000010000000-0x00000000100A4000-memory.dmp	upx
behavioral2/memory/5028-135-0x0000000010000000-0x00000000100A4000-memory.dmp	upx
behavioral2/memory/5028-137-0x0000000010000000-0x00000000100A4000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5028	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 5028	4248	rundll32.exe	79
PID 4248 wrote to memory of 5028	4248	rundll32.exe	79
PID 4248 wrote to memory of 5028	4248	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\990ac3de67ed262e6ccb8b83a4c4b0f6517e7797f19fb35b044457b30a2f9416.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\990ac3de67ed262e6ccb8b83a4c4b0f6517e7797f19fb35b044457b30a2f9416.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:5028

memory/5028-133-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/5028-134-0x0000000000740000-0x000000000077C000-memory.dmp

Filesize
240KB

Download
memory/5028-136-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/5028-135-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download
memory/5028-137-0x0000000010000000-0x00000000100A4000-memory.dmp

Filesize
656KB

Download