4bd57f2ecdebff4f323d6bbc4dcf5dd6ad12bde1c032052bcf0bca9d420370dd

Analysis

max time kernel
144s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:15

Target

0027a239707d8b8a7c94f5c9933fe40f.dll
Size

160KB
MD5

0027a239707d8b8a7c94f5c9933fe40f
SHA1

1a36f0941d9147bf4c3f4ef8e6f5afc18c1ef882
SHA256

4bd57f2ecdebff4f323d6bbc4dcf5dd6ad12bde1c032052bcf0bca9d420370dd
SHA512

4c4347d051ee38661280c59fa8fd8b0d7b9b18ea27e005f6f825ef168f0b29b1b8dc19657424a79861d8979e28e939a9096bd52eac098af855e8a8314a6fea97
SSDEEP

3072:Fv6AyiHI0UbNbczTXwd3Wx3pITZOqaf37TVTllmxkBiVpDxqX:FByihHzDwF5ZHaDTgkBI

Score

7^/10

upx

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4508-1-0x0000000001590000-0x000000000159E000-memory.dmp	upx
behavioral2/memory/4508-5-0x0000000001590000-0x000000000159E000-memory.dmp	upx
behavioral2/memory/4508-6-0x0000000001590000-0x000000000159E000-memory.dmp	upx
behavioral2/memory/4508-7-0x0000000001590000-0x000000000159E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 4508	2948	rundll32.exe	90
PID 2948 wrote to memory of 4508	2948	rundll32.exe	90
PID 2948 wrote to memory of 4508	2948	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0027a239707d8b8a7c94f5c9933fe40f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0027a239707d8b8a7c94f5c9933fe40f.dll,#1
  2⤵
  PID:4508

memory/4508-1-0x0000000001590000-0x000000000159E000-memory.dmp

Filesize
56KB

Download
memory/4508-2-0x0000000001580000-0x0000000001586000-memory.dmp

Filesize
24KB

Download
memory/4508-0-0x0000000001570000-0x0000000001571000-memory.dmp

Filesize
4KB

Download
memory/4508-5-0x0000000001590000-0x000000000159E000-memory.dmp

Filesize
56KB

Download
memory/4508-6-0x0000000001590000-0x000000000159E000-memory.dmp

Filesize
56KB

Download
memory/4508-7-0x0000000001590000-0x000000000159E000-memory.dmp

Filesize
56KB

Download