e545ea1abb7588fe17786d6d3e03ccfbd533e2e51432e6bbc6677bd8576d4ba4

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 11:25

Target

e545ea1abb7588fe17786d6d3e03ccfbd533e2e51432e6bbc6677bd8576d4ba4.dll
Size

15KB
MD5

d135b10f4021ce345ef7ea85f6385be0
SHA1

99972eeaa605446140e79696915653e9db4e6d73
SHA256

e545ea1abb7588fe17786d6d3e03ccfbd533e2e51432e6bbc6677bd8576d4ba4
SHA512

b1a12383e85fd655d7edef447af85944a659cd4ef2a008bb3a699c1aee70d30dcfa352a84f02ba7ee98059da3e8faf4a784aae5a84cf3867b91d588126686b11
SSDEEP

384:+jVM4CtcZJSfBYMqaNJawcudoD7UgWu2ZLW1XKYJLU/:ke4C6Z637nbcuyD7UXeXDLU/

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/636-133-0x00000000701A0000-0x00000000701AB000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 636	1108	regsvr32.exe	84
PID 1108 wrote to memory of 636	1108	regsvr32.exe	84
PID 1108 wrote to memory of 636	1108	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\e545ea1abb7588fe17786d6d3e03ccfbd533e2e51432e6bbc6677bd8576d4ba4.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\e545ea1abb7588fe17786d6d3e03ccfbd533e2e51432e6bbc6677bd8576d4ba4.dll
  2⤵
  PID:636

memory/636-133-0x00000000701A0000-0x00000000701AB000-memory.dmp

Filesize
44KB

Download