b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872

Analysis

max time kernel
168s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:36

Target

b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872.dll
Size

327KB
MD5

3abadeec500da846bcf4c9564fbf5e00
SHA1

f74b20ecf357c355b85f22ac865aa4a76f1533cb
SHA256

b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872
SHA512

a0cce233cb29197118168f67e69316b8306264454a51ae003fca1797b0e398693a47ba48974848ac928b32d3bbb5b2de9ea7f2b4e8861b4d431be324c7127aa5
SSDEEP

3072:+4XA3u+0uwCgiWLdiSh8SH62v5U2gQceEp:+4Xe4ibYdr2d2vCOe

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/836-133-0x0000000010000000-0x0000000010054000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 836	1680	rundll32.exe	79
PID 1680 wrote to memory of 836	1680	rundll32.exe	79
PID 1680 wrote to memory of 836	1680	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b73267b58a5e778a0e5b54785af5ac633e6966a83cbcb48705bab42156951872.dll,#1
  2⤵
  PID:836

memory/836-133-0x0000000010000000-0x0000000010054000-memory.dmp

Filesize
336KB

Download