ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2

Analysis

max time kernel
136s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:24

Target

ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2.dll
Size

208KB
MD5

099e73bd7633662bff63cc19f0e14090
SHA1

87f3056b2942d5f9ee05190ca41a3b711ea0bab8
SHA256

ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2
SHA512

1095ecc50aee49e0915475cad1349477ef322718a5c8692bcd8b9ecec79df49a632e34ea6abe72317f28f966fcfe3fbef99dbe2ec2eb14fb5f4aa7df82cb3bce
SSDEEP

3072:8ZhZbEXfZ0bN9Na7G8T9lOcBYdRsGqB0Z/0KcoCE9:8PVI8bNJ8T9lOcqdtqBh

Score

8^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4128-133-0x0000000000B60000-0x0000000000B6D000-memory.dmp	upx
behavioral2/memory/4128-136-0x0000000000B60000-0x0000000000B6D000-memory.dmp	upx
behavioral2/memory/4128-137-0x0000000000B60000-0x0000000000B6D000-memory.dmp	upx
behavioral2/memory/4128-142-0x0000000000B60000-0x0000000000B6D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1748 wrote to memory of 4128	1748	rundll32.exe	82
PID 1748 wrote to memory of 4128	1748	rundll32.exe	82
PID 1748 wrote to memory of 4128	1748	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ebb4667d58082c5da5d564c90b1c3765469609152e75bdcc89b1a33e812eaac2.dll,#1
  2⤵
  PID:4128

memory/4128-133-0x0000000000B60000-0x0000000000B6D000-memory.dmp

Filesize
52KB

Download
memory/4128-136-0x0000000000B60000-0x0000000000B6D000-memory.dmp

Filesize
52KB

Download
memory/4128-137-0x0000000000B60000-0x0000000000B6D000-memory.dmp

Filesize
52KB

Download
memory/4128-138-0x0000000000B60000-0x0000000000B70000-memory.dmp

Filesize
64KB

Download
memory/4128-139-0x0000000000B70000-0x0000000000B76000-memory.dmp

Filesize
24KB

Download
memory/4128-140-0x0000000000B66000-0x0000000000B6C000-memory.dmp

Filesize
24KB

Download
memory/4128-141-0x0000000000B61000-0x0000000000B66000-memory.dmp

Filesize
20KB

Download
memory/4128-142-0x0000000000B60000-0x0000000000B6D000-memory.dmp

Filesize
52KB

Download
memory/4128-143-0x0000000000B66000-0x0000000000B6C000-memory.dmp

Filesize
24KB

Download
memory/4128-144-0x0000000000B61000-0x0000000000B66000-memory.dmp

Filesize
20KB

Download