a139a1d87b56114716f0771be380bf8ba8e2fe24f2f0c1dfc8f940ceec76e87d

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 01:29

Target

a139a1d87b56114716f0771be380bf8ba8e2fe24f2f0c1dfc8f940ceec76e87d.dll
Size

52KB
MD5

38e8a5c7c296420f30f647fbe7f6aa19
SHA1

e6cc182b16678788582216576fff87f686e36ae4
SHA256

a139a1d87b56114716f0771be380bf8ba8e2fe24f2f0c1dfc8f940ceec76e87d
SHA512

06db7bd419d61573c267c953b481c5b22a67d18a423f39813e055385c69293a3cf1ba3beba938a3eeef3ee62fea1c5c8da1d0132de145b07fb765f5bf840d92d
SSDEEP

1536:evZIyNqTG4FOqsL2Rii/r9CySaFZHbVZBjT:kIyoFOHNi/xsan57

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1324-133-0x0000000010000000-0x000000001000C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1324	3044	rundll32.exe	80
PID 3044 wrote to memory of 1324	3044	rundll32.exe	80
PID 3044 wrote to memory of 1324	3044	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a139a1d87b56114716f0771be380bf8ba8e2fe24f2f0c1dfc8f940ceec76e87d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a139a1d87b56114716f0771be380bf8ba8e2fe24f2f0c1dfc8f940ceec76e87d.dll,#1
  2⤵
  PID:1324

memory/1324-132-0x0000000000000000-mapping.dmp

Download
memory/1324-133-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download