d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b

Analysis

max time kernel
173s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:31

Target

d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b.dll
Size

73KB
MD5

0cffc6f81dccbc6bbe11fd0ecb39c1fc
SHA1

8f4b56f3fc752a7fef637835b531c651005c10de
SHA256

d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b
SHA512

29daa2fb0d9962932472fdf8007f99804fc8cc76df858d8af65cadf6ebd4d39ed777ba2e26c1c2d9e4450ba10b53f7d7f20710cb3083b864557a4fa666f41629
SSDEEP

1536:HKvv9jeCw6l9n+Eu2JvQAqYYj/lhl/43jWXWeZQnSb56HXbyHHUX27f:TSHu2thfYLZ43jWXhGK56HXE02

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3132-133-0x0000000010000000-0x0000000010664000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4944 wrote to memory of 3132	4944	rundll32.exe	80
PID 4944 wrote to memory of 3132	4944	rundll32.exe	80
PID 4944 wrote to memory of 3132	4944	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4944
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d80dc520c1d239ffbf9098c675271048c8d3ef716f04a3dd97a8ce7cbba9081b.dll,#1
  2⤵
  PID:3132

memory/3132-133-0x0000000010000000-0x0000000010664000-memory.dmp

Filesize
6.4MB

Download