21ce1d4e2e804b0bb7fac56b5c619a62360e84aa1e95229d91a14d90d9c6fed3

Analysis

max time kernel
137s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:03

Target

27c36c7ad5cc2581790e13829201c7cc.dll
Size

58KB
MD5

27c36c7ad5cc2581790e13829201c7cc
SHA1

8d675e62d376288d135bc74a911eb61dc0151320
SHA256

21ce1d4e2e804b0bb7fac56b5c619a62360e84aa1e95229d91a14d90d9c6fed3
SHA512

6b7a01fc02c8097ba76d23322e58a68c665e5b8db202d756ccc99dd6f68f3a30e205e97913a364c4ed20b5e8937f9d569c8f9725f7953c144fe63cb8d644404a
SSDEEP

768:GbvLDaaMact8TpS0iziKdgxp6AKTOtpi2LsuZdAQOB+vAd9Bv5NeONrtYbbwVlqO:evDiZC9fQuZwB99B+OJKbbqQ5cma

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/828-0-0x0000000010000000-0x000000001000C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 828	2056	rundll32.exe	15
PID 2056 wrote to memory of 828	2056	rundll32.exe	15
PID 2056 wrote to memory of 828	2056	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27c36c7ad5cc2581790e13829201c7cc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27c36c7ad5cc2581790e13829201c7cc.dll,#1
  2⤵
  PID:828

memory/828-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download