5d9d989fb467ed959f06b797fa2883c5399d9a839722cc46552570b1bfb0b588

Analysis

max time kernel
75s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-02-2023 19:15

Target

5d9d989fb467ed959f06b797fa2883c5399d9a839722cc46552570b1bfb0b588.dll
Size

1.2MB
MD5

78799835749f617477be3bb34c0acf92
SHA1

c9ac4980f077aeec6fb6e5e64e86b17b39a49e03
SHA256

5d9d989fb467ed959f06b797fa2883c5399d9a839722cc46552570b1bfb0b588
SHA512

afa0e4435b40518a876adb65e6beca36aaad97474b3ed586356c19a648e0535eebc8b9e0a196b36fb5f1b69eaa4fb92f1a48e36b3e984af76d50f35b20a1d68e
SSDEEP

24576:p4rnKiBoHQRGi4w3CIqzT3wzHjf6cCdJWSJreEgdm+I9J2lQJssT6IJ+04BXvqiC:p4ONHxZwyIc3wv6dNkZdZi2lQ+smIJUy

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral2/memory/1636-133-0x0000000002B40000-0x0000000002B58000-memory.dmp	upx
behavioral2/memory/1636-134-0x0000000002B40000-0x0000000002B58000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4284 wrote to memory of 1636	4284	rundll32.exe	rundll32.exe
PID 4284 wrote to memory of 1636	4284	rundll32.exe	rundll32.exe
PID 4284 wrote to memory of 1636	4284	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d9d989fb467ed959f06b797fa2883c5399d9a839722cc46552570b1bfb0b588.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d9d989fb467ed959f06b797fa2883c5399d9a839722cc46552570b1bfb0b588.dll,#1
2⤵
PID:1636

memory/1636-133-0x0000000002B40000-0x0000000002B58000-memory.dmp

Filesize
96KB

Download
memory/1636-134-0x0000000002B40000-0x0000000002B58000-memory.dmp

Filesize
96KB

Download