8631af63b388db7c42e4cdfeea8a967f10eadf5ce4c62ac6fecda24b252ad87a

Analysis

max time kernel
146s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 12:45

Target

6f80319caeb20f9bbf349476aaa4243c.dll
Size

28KB
MD5

6f80319caeb20f9bbf349476aaa4243c
SHA1

675ed17c40b7d6970d9c0e3972350d54a099d20e
SHA256

8631af63b388db7c42e4cdfeea8a967f10eadf5ce4c62ac6fecda24b252ad87a
SHA512

1e7ed67cf94512957970c68e55598f489fe21e5ed6c24f75edf038d5582563e2185dc3585b4752acd2cb5594db5a4b2280ec034cddbcf391fe58f749c5e5a360
SSDEEP

384:QjYOucwm9EbbUHPRjT0GXi/fTqXQ/8bsdWqzYzdM2aSiM7NaLX8xcFwR:mYgkUHJPfi/bqX+8qSqZX8xtR

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1468-0-0x0000000010000000-0x0000000010011000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 1468	2616	rundll32.exe	88
PID 2616 wrote to memory of 1468	2616	rundll32.exe	88
PID 2616 wrote to memory of 1468	2616	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f80319caeb20f9bbf349476aaa4243c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6f80319caeb20f9bbf349476aaa4243c.dll,#1
  2⤵
  PID:1468

memory/1468-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download