68fee800c0fb38c18582c1d00191ba2c569822093d42168fdb9011c9c9f148f4

Analysis

max time kernel
125s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
12-12-2023 11:02

Target

68fee800c0fb38c18582c1d00191ba2c569822093d42168fdb9011c9c9f148f4.dll
Size

118KB
MD5

462cd7dcbb99e5a039f670c1c702a2f8
SHA1

d4378ec66097660af51f14806da3a45ac462c0fb
SHA256

68fee800c0fb38c18582c1d00191ba2c569822093d42168fdb9011c9c9f148f4
SHA512

e7471f3d7e9de060e852f6956ece09d52dba1ed1f1efce352588ba291d164e800ad134b331f7e97f49a6167314fa3345c642c6d3c514392b1306ba84be6452f0
SSDEEP

3072:ZjVG3jyB2kPfDHZFdJ6FPTcJh6kr1ou8J0G/gIuN6JK3outnNvW:NVG3jyMkPfFF/6Q/fr1orJ0YfA3oSnNu

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/652-0-0x0000000010000000-0x0000000010053000-memory.dmp	upx
behavioral2/memory/652-1-0x0000000010000000-0x0000000010053000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 652	1684	rundll32.exe	57
PID 1684 wrote to memory of 652	1684	rundll32.exe	57
PID 1684 wrote to memory of 652	1684	rundll32.exe	57

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68fee800c0fb38c18582c1d00191ba2c569822093d42168fdb9011c9c9f148f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68fee800c0fb38c18582c1d00191ba2c569822093d42168fdb9011c9c9f148f4.dll,#1
  2⤵
  PID:652

memory/652-0-0x0000000010000000-0x0000000010053000-memory.dmp

Filesize
332KB

Download
memory/652-1-0x0000000010000000-0x0000000010053000-memory.dmp

Filesize
332KB

Download