23ea19a184f28a74b489a66b92974ad1bafb6efa967b86a61859a0abb119f68b

Analysis

max time kernel
45s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 15:40

Target

23ea19a184f28a74b489a66b92974ad1bafb6efa967b86a61859a0abb119f68b.dll
Size

1.7MB
MD5

add904be495a65acf5ff364c91565646
SHA1

cca9c4583157ba8107dfef743aa85398a3d68a2a
SHA256

23ea19a184f28a74b489a66b92974ad1bafb6efa967b86a61859a0abb119f68b
SHA512

beaff9a71948865e7491611a38597c9c940bd098540ad86871e60772f23702015d357fcb949d2e38d58beee3f2fb12ffb6e8d86cf6fec9a3712682602a451ef2
SSDEEP

49152:ycee1nF1Z5E4hXBBqu6vET/+R8oYA/prj2Fq:ycHF1LhXm5xpYAhrjJ

Score

7^/10

upx

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3500-0-0x0000000010000000-0x00000000106B8000-memory.dmp	upx
behavioral2/memory/3500-1-0x0000000010000000-0x00000000106B8000-memory.dmp	upx
behavioral2/memory/3500-2-0x0000000010000000-0x00000000106B8000-memory.dmp	upx
behavioral2/memory/3500-3-0x0000000010000000-0x00000000106B8000-memory.dmp	upx
behavioral2/memory/3500-4-0x0000000010000000-0x00000000106B8000-memory.dmp	upx
behavioral2/memory/3500-7-0x0000000010000000-0x00000000106B8000-memory.dmp	upx
behavioral2/memory/3500-18-0x0000000010000000-0x00000000106B8000-memory.dmp	upx
behavioral2/memory/3500-19-0x0000000010000000-0x00000000106B8000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3500	rundll32.exe
3500	rundll32.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3500	rundll32.exe
Token: SeDebugPrivilege	3500	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3500	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 3500	640	rundll32.exe	85
PID 640 wrote to memory of 3500	640	rundll32.exe	85
PID 640 wrote to memory of 3500	640	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\23ea19a184f28a74b489a66b92974ad1bafb6efa967b86a61859a0abb119f68b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\23ea19a184f28a74b489a66b92974ad1bafb6efa967b86a61859a0abb119f68b.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:3500

memory/3500-0-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download
memory/3500-1-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download
memory/3500-2-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download
memory/3500-3-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download
memory/3500-4-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download
memory/3500-7-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download
memory/3500-18-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download
memory/3500-19-0x0000000010000000-0x00000000106B8000-memory.dmp

Filesize
6.7MB

Download