7902c96bd7a514e2759950b886dd46dab9c2cae719b7300d3112c781b1fd5a3b

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 21:46

Target

04ca169d9cdea4a1bb7b0075b3c342f4.dll
Size

66KB
MD5

04ca169d9cdea4a1bb7b0075b3c342f4
SHA1

1abb2fb5ff8bb4d86ed869824f1b5aee5972d967
SHA256

7902c96bd7a514e2759950b886dd46dab9c2cae719b7300d3112c781b1fd5a3b
SHA512

f258562d79f3d46257bb43817934eaa70f33d37de74cb0bbf4339fce6a022de6a0f390d00fc59b66d9034d84e6ced09edc81024f530973fe04bdab6907054bae
SSDEEP

768:0sZIlOe1SCkLOk+ZWXSGSMYjg/Mdu2+dkQ8mW4Eu7XNXRub3DWmN+Ul0h2SWue2R:VZIcCxRXG6ps2+JhVdXgKmNS2ScjjQGI

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3852-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 3852	2116	rundll32.exe	89
PID 2116 wrote to memory of 3852	2116	rundll32.exe	89
PID 2116 wrote to memory of 3852	2116	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ca169d9cdea4a1bb7b0075b3c342f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04ca169d9cdea4a1bb7b0075b3c342f4.dll,#1
  2⤵
  PID:3852

memory/3852-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download