bb23f965a0bc7ecc494fa0a280e74e0fbd274821889c3e59e3f93c84a2265f85

Analysis

max time kernel
147s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:48

Target

bb23f965a0bc7ecc494fa0a280e74e0fbd274821889c3e59e3f93c84a2265f85.dll
Size

93KB
MD5

5ee918c7e807fc69a94bf7b484a2a331
SHA1

1ca56fb153285feba09e6733e6a4d71f9c8a1a19
SHA256

bb23f965a0bc7ecc494fa0a280e74e0fbd274821889c3e59e3f93c84a2265f85
SHA512

59d5c3ee04d2b5b3c03e4f7536d29fe9d765c365b7613eb7980ef9e27655b3a84ff9fc1b6be2c069375a7d811b6b1563d0219f0aee42d0e5e5b1d7be72fdb7d7
SSDEEP

1536:nw0yKsoJxGqtBehZQywUolIv3BCiHE+H+WAwDOxua+u3Ifo3eUD+CAa:RHJXBAQyWA3BCiBbAwDOxXN3So37+CX

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2976-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2976	1684	rundll32.exe	78
PID 1684 wrote to memory of 2976	1684	rundll32.exe	78
PID 1684 wrote to memory of 2976	1684	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb23f965a0bc7ecc494fa0a280e74e0fbd274821889c3e59e3f93c84a2265f85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb23f965a0bc7ecc494fa0a280e74e0fbd274821889c3e59e3f93c84a2265f85.dll,#1
  2⤵
  PID:2976

memory/2976-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download