cf24344398397a5b54d72e397983278b86e9f871fcb0f467c599203c03055037

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 23:08

Target

42488261e885e5a90b380e5906bf1bfe.dll
Size

94KB
MD5

42488261e885e5a90b380e5906bf1bfe
SHA1

a41fd5ce7c2f6f30c7d2208edf30049b5b438444
SHA256

cf24344398397a5b54d72e397983278b86e9f871fcb0f467c599203c03055037
SHA512

ce26b44924530fd5c8559b886fffd54577df9ce8934fdaf974be6c652d7cbf1de9d51df45c393dd6f0b780e3ad78df3239712481bf7717935ac726b9e3939980
SSDEEP

768:Qjd1kl3u6tdfF83IROgomgdra1DGjdA8aVwLbOuZ:u6l3/XfF9ROgom0roKd3aSLb

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2776-0-0x00000000754E0000-0x00000000754EF000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 2776	1044	rundll32.exe	87
PID 1044 wrote to memory of 2776	1044	rundll32.exe	87
PID 1044 wrote to memory of 2776	1044	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\42488261e885e5a90b380e5906bf1bfe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\42488261e885e5a90b380e5906bf1bfe.dll,#1
  2⤵
  PID:2776

memory/2776-0-0x00000000754E0000-0x00000000754EF000-memory.dmp

Filesize
60KB

Download