27de58201cde6e5e221f60b58be72b662515b19408447984873dbc65311c5f6c | Triage

Analysis

max time kernel
140s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 13:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

22b28da742f6634182ef4483127d0dab.dll
Size

59KB
MD5

22b28da742f6634182ef4483127d0dab
SHA1

6cc6848c31411b4e4fbfb8276bc2d1d90b5ade75
SHA256

27de58201cde6e5e221f60b58be72b662515b19408447984873dbc65311c5f6c
SHA512

b92cbe688295c7b10a0578ac85047e7f4bd3885b877024da0d740151a09556dd27128d9f7a4796539986f8c4320ae413752f11b63eff6c7e7dc447d3dcb3bbd2
SSDEEP

1536:IykzkagzxAHEUfmMG1mxwuF184c4I2Peyh46k:IFzkasxWLupmf1nFMyh4j

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3932-0-0x0000000010000000-0x000000001000F000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 3932	4060	rundll32.exe	16
PID 4060 wrote to memory of 3932	4060	rundll32.exe	16
PID 4060 wrote to memory of 3932	4060	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b28da742f6634182ef4483127d0dab.dll,#1
1⤵
PID:3932

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22b28da742f6634182ef4483127d0dab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3932-0-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download