7cc4e3987d1a8f2042e8f60a9fa48986de7ced664a51f571286b24a65ad97368

Analysis

max time kernel
149s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 09:13

Target

62c47d905c56bb920a25aa5141a14c04.dll
Size

61KB
MD5

62c47d905c56bb920a25aa5141a14c04
SHA1

121b5baa0289e8263c76538c5ed9393ca36d3e7f
SHA256

7cc4e3987d1a8f2042e8f60a9fa48986de7ced664a51f571286b24a65ad97368
SHA512

96bc3cbabd3716ec6a599a5b1a9f8d3eb6319c3513e28f0c6cfc568f125b6dd9a23609c7186067fe5da494be8923a4e9b927c3449ddf6f221753a021e75a5e57
SSDEEP

768:9xBtKtqyLU4XFL2XRGx8nA/FxtH8Fp3YZcG7UbN4ZB8zb0jnpyRp1/dJKgo0+6uu:90FSB0xGT3mUbN4kzbunYnjNoJ6ujS

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4804-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4840 wrote to memory of 4804	4840	rundll32.exe	14
PID 4840 wrote to memory of 4804	4840	rundll32.exe	14
PID 4840 wrote to memory of 4804	4840	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62c47d905c56bb920a25aa5141a14c04.dll,#1
1⤵
PID:4804

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\62c47d905c56bb920a25aa5141a14c04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4840

memory/4804-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download