bd2981c606f836bdfb99e810bbc2175094e23f9febd2e15834f5649501dccffc | Triage

Analysis

max time kernel
151s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 07:13

Sharing

Report Analysis Logs

General

Target

0deee029f319e90c1674a1f1f2f3effd.dll
Size

60KB
MD5

0deee029f319e90c1674a1f1f2f3effd
SHA1

338a4bc617f23f02c632a399af426a0da3f09b63
SHA256

bd2981c606f836bdfb99e810bbc2175094e23f9febd2e15834f5649501dccffc
SHA512

98688f4a8ce394696ca0b714d74c92be784b77c26a17d9b90551879f9d81d08a4dc2609f6bb153ec01a70c7b7d894f91da7186fcbe373bef989427b6a9c26828
SSDEEP

1536:PSbdSCMSJq5bXgfKZMsC0MQUEN+EVM/QAU+1:6dhqpXpZMsCHaN+yE1

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4844-0-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 4844	2068	rundll32.exe	88
PID 2068 wrote to memory of 4844	2068	rundll32.exe	88
PID 2068 wrote to memory of 4844	2068	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0deee029f319e90c1674a1f1f2f3effd.dll,#1
  2⤵
  PID:4844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4844-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download