bdc1c19d807e3a7f34a04b41f0530f68d08eeb491b741d779ee1e6af3df44cfa | Triage

Analysis

max time kernel
144s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 11:07

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

699c786df54b3ac0864538ab147d6ed4.dll
Size

14KB
MD5

699c786df54b3ac0864538ab147d6ed4
SHA1

de5ce344886dd0318bdfa9b0d042dd6362e108f9
SHA256

bdc1c19d807e3a7f34a04b41f0530f68d08eeb491b741d779ee1e6af3df44cfa
SHA512

769b6c56606d9da4cf3c72bfed70a190fb9c4db4c332746e155a31b31373168efa910867cc21e0ead7d551a945c83744b47a5a6fd13114a12eda95ade36c6164
SSDEEP

384:qSu0edLxotFfBymtq+6KB2kYBYT5MP3pg:a0edLiFfBym8+6KBhYBYkS

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4284-0-0x0000000010000000-0x0000000010012000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3784 wrote to memory of 4284	3784	rundll32.exe	14
PID 3784 wrote to memory of 4284	3784	rundll32.exe	14
PID 3784 wrote to memory of 4284	3784	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\699c786df54b3ac0864538ab147d6ed4.dll,#1
1⤵
PID:4284

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\699c786df54b3ac0864538ab147d6ed4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4284-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download