fc33d4b63f71d8b6b025e35ba14f476abc4aa8766358c572d0104837a2be5a6f

Analysis

max time kernel
92s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:20

Target

fc33d4b63f71d8b6b025e35ba14f476abc4aa8766358c572d0104837a2be5a6f.dll
Size

56KB
MD5

e3cd122ef77498d23e57491b59ed232a
SHA1

d192881a9bc7c7825c4f8e9d36b3c5e8225d4e11
SHA256

fc33d4b63f71d8b6b025e35ba14f476abc4aa8766358c572d0104837a2be5a6f
SHA512

b1860fd3be67ef50772600e14b6f9657b02eb3fd36110c0abdc1bdf637a236ad7c8cbd3b0b9e8850b6d62c74861602d1bad3d2fc051650a9401be5f9ce67ade4
SSDEEP

1536:n7ZLNPp9pZBM/mIGA4AWILcjS1bEAEVnT8ajaoCg:7Zppj/IWILcG1b10T1qg

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1856-133-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 988 wrote to memory of 1856	988	rundll32.exe	80
PID 988 wrote to memory of 1856	988	rundll32.exe	80
PID 988 wrote to memory of 1856	988	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc33d4b63f71d8b6b025e35ba14f476abc4aa8766358c572d0104837a2be5a6f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc33d4b63f71d8b6b025e35ba14f476abc4aa8766358c572d0104837a2be5a6f.dll,#1
  2⤵
  PID:1856

memory/1856-133-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download