7d9a38e0ae306cb2adb7e7271c00cb6f07dde1925e681ece60a35e7688b15648

Analysis

max time kernel
99s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 22:30

Target

40459984b2f7026dea68e5c5914b4995.dll
Size

69KB
MD5

40459984b2f7026dea68e5c5914b4995
SHA1

7be28b5d05da78543478ceefab2b9843f9df4a2a
SHA256

7d9a38e0ae306cb2adb7e7271c00cb6f07dde1925e681ece60a35e7688b15648
SHA512

3bf722cd6be2fe735b13f794f783292146e90719acfab68c2400c443b4ddd8df862aef4c36711c96b7c4b706af5e2aa53258306f2dc2218201306d6356250ef0
SSDEEP

1536:2LOJMXV6JpewdN8bDW6yLkcWMxSY1RIU3QqNa7rkp4QZJoAMHC:2rk6n66yLkA8YMU5Nus4QZGAMHC

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3040-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5112 wrote to memory of 3040	5112	rundll32.exe	90
PID 5112 wrote to memory of 3040	5112	rundll32.exe	90
PID 5112 wrote to memory of 3040	5112	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40459984b2f7026dea68e5c5914b4995.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40459984b2f7026dea68e5c5914b4995.dll,#1
  2⤵
  PID:3040

memory/3040-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download