33f96dc44ad10f06333b835b769d95d1aee1b15b83e7816db36f8c6b19f1bea9

Analysis

max time kernel
135s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2023 18:11

Target

33f96dc44ad10f06333b835b769d95d1aee1b15b83e7816db36f8c6b19f1bea9.dll
Size

16KB
MD5

5d73a9fddb4a44b4984d7c5ac0791438
SHA1

eb56b2af9367f292f37a4b1678690b819c0e4fd3
SHA256

33f96dc44ad10f06333b835b769d95d1aee1b15b83e7816db36f8c6b19f1bea9
SHA512

6ecaadae2db3ac489d4f01cbd2779eec8c6c227a99dc09ace0c6b2d504cf2007dec58c27b04e1e21e21dc7f08674bf6a8f694eefab1022acd63785426e68cee7
SSDEEP

384:8+ofBS0kNFFxD+zHjQ3ZCfV9ecohI8qlbT7MG:8+GBS0kNT4HUZIV9erhe3b

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2784-133-0x0000000010000000-0x0000000010010000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 2784	3420	rundll32.exe	86
PID 3420 wrote to memory of 2784	3420	rundll32.exe	86
PID 3420 wrote to memory of 2784	3420	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\33f96dc44ad10f06333b835b769d95d1aee1b15b83e7816db36f8c6b19f1bea9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\33f96dc44ad10f06333b835b769d95d1aee1b15b83e7816db36f8c6b19f1bea9.dll,#1
  2⤵
  PID:2784

memory/2784-133-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download