98100270d0e92b67d99933887ff11ca7b8c48a1e1367df0c1f53bbde097fea1d

Analysis

max time kernel
293s
max time network
308s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2022, 01:23

Target

98100270d0e92b67d99933887ff11ca7b8c48a1e1367df0c1f53bbde097fea1d.dll
Size

145KB
MD5

5ac08396066392d39784c5821d6616e5
SHA1

7da08249435c42c5ac0ca302cb085a679807b127
SHA256

98100270d0e92b67d99933887ff11ca7b8c48a1e1367df0c1f53bbde097fea1d
SHA512

ed93f2c84c16dc927696c3ef1973a555748ff06683421326160e256370451f5e498292c5fb0a88955ea03ff28637a9f7bc91cb1e361455db213cf8540e216c3e
SSDEEP

3072:l91xZRXVsBK5ZFazHQ4dhQOjK3waf/cOSJhH8GxrBPvchNIqWWap9out:l91oBID8HQi2SJ2wJEaf9oS

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4404-133-0x00000000022A0000-0x0000000002309000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 4404	4604	rundll32.exe	81
PID 4604 wrote to memory of 4404	4604	rundll32.exe	81
PID 4604 wrote to memory of 4404	4604	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98100270d0e92b67d99933887ff11ca7b8c48a1e1367df0c1f53bbde097fea1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98100270d0e92b67d99933887ff11ca7b8c48a1e1367df0c1f53bbde097fea1d.dll,#1
  2⤵
  PID:4404

memory/4404-133-0x00000000022A0000-0x0000000002309000-memory.dmp

Filesize
420KB

Download