b1b3ab361281cdfd0f07c27c02e518e0a5092d2bcab03f619f262ce7603ccce7

Analysis

max time kernel
147s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:17

Target

0b5d3c7b86aefed654d8cb1863721e85.dll
Size

43KB
MD5

0b5d3c7b86aefed654d8cb1863721e85
SHA1

911b1b400208e263e93fe4e0037fd52539601432
SHA256

b1b3ab361281cdfd0f07c27c02e518e0a5092d2bcab03f619f262ce7603ccce7
SHA512

d1a9b17622d10078a5837db80c9fc16f7f2373cb7a462421e988ae9bc5b75516e5b89a9c3834ca34c209e20cf82778b5f8aa59da76c52185d4bb8bec868d21f9
SSDEEP

768:4xFmDJua1lNAF3LjHvCqKKt5oFF1x+lC7nokGJbK46IHzm4OKmHLQ4D:4xFcH1W3/P6K3yTx+lXN046izOKOzD

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4620-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 4620	4184	rundll32.exe	14
PID 4184 wrote to memory of 4620	4184	rundll32.exe	14
PID 4184 wrote to memory of 4620	4184	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b5d3c7b86aefed654d8cb1863721e85.dll,#1
1⤵
PID:4620

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b5d3c7b86aefed654d8cb1863721e85.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4184

memory/4620-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download