f0b281dce2cb181c94376201e30d90eb15ec7cff492c9b42f32e51e7af528d26 | Triage

Analysis

max time kernel
144s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

501708f7986fb818b25e2daa942afa85.dll
Size

48KB
MD5

501708f7986fb818b25e2daa942afa85
SHA1

97253bc18f4a49e49d80f551afb35fa64668e7ed
SHA256

f0b281dce2cb181c94376201e30d90eb15ec7cff492c9b42f32e51e7af528d26
SHA512

86d67e8105e6b39672638b10b7b31f993714cb536266f5d6f2f67152fae2d9aabb949db4748836f056221326f0b68bce2b662acf5a9f393bbaae6e1339c56180
SSDEEP

1536:5JdPaYfW1dJjlYab2mX6QygRduaSnADBDd:5JdPaYfGJjl7hygRr1B

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3580-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 3580	1212	rundll32.exe	16
PID 1212 wrote to memory of 3580	1212	rundll32.exe	16
PID 1212 wrote to memory of 3580	1212	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\501708f7986fb818b25e2daa942afa85.dll,#1
1⤵
PID:3580

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\501708f7986fb818b25e2daa942afa85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3580-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download