6683967983c596fdf57bf759b2607058d1b6a3753819e13c54a970a1cd0a66d6

Analysis

max time kernel
128s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2023, 09:30

Target

6683967983c596fdf57bf759b2607058d1b6a3753819e13c54a970a1cd0a66d6.dll
Size

1.6MB
MD5

adac05eb805be92c0c5b86215dbb8f5f
SHA1

c3811b9ba8603419e4a9b4e13af6473254e54470
SHA256

6683967983c596fdf57bf759b2607058d1b6a3753819e13c54a970a1cd0a66d6
SHA512

80b72f8c9723f9ac7447ec756b08e6da6a6b59e49c49462ec200f684908eea7e45624926560c14c0abfaf49d6185e751d0f45a9d49a6723dcdc7cf846539ab7a
SSDEEP

24576:bq0PpSjgpQZZmJBx+g3UrxkGMmL+js+3Wvpw8x+UdNNBo44xS7LyAVnipiFVt8lw:Z0MQ3M9S+mL+Z3Wvpw8x+UPMElH3tUw

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4952-0-0x0000000010000000-0x000000001033B000-memory.dmp	upx
behavioral2/memory/4952-2-0x0000000002A80000-0x0000000002A8B000-memory.dmp	upx
behavioral2/memory/4952-3-0x0000000002A80000-0x0000000002A8B000-memory.dmp	upx

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4952	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1700 wrote to memory of 4952	1700	rundll32.exe	83
PID 1700 wrote to memory of 4952	1700	rundll32.exe	83
PID 1700 wrote to memory of 4952	1700	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6683967983c596fdf57bf759b2607058d1b6a3753819e13c54a970a1cd0a66d6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6683967983c596fdf57bf759b2607058d1b6a3753819e13c54a970a1cd0a66d6.dll,#1
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4952

memory/4952-0-0x0000000010000000-0x000000001033B000-memory.dmp

Filesize
3.2MB

Download
memory/4952-2-0x0000000002A80000-0x0000000002A8B000-memory.dmp

Filesize
44KB

Download
memory/4952-3-0x0000000002A80000-0x0000000002A8B000-memory.dmp

Filesize
44KB

Download