646916633719bec9cbeb8db16698fbadf667e87e1f171cfe12d3d12bb2acd136

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 04:48

Target

0f034554962e86fcaae48e93c0ad7704.dll
Size

60KB
MD5

0f034554962e86fcaae48e93c0ad7704
SHA1

0999d146ef748cdfced4cbd59f576189c2f6a42e
SHA256

646916633719bec9cbeb8db16698fbadf667e87e1f171cfe12d3d12bb2acd136
SHA512

24428ca972b88a5a473250d7eb5eb7f300ee32b78d89b76abce4fdb0f1af9b7ffe5d694f5618e44a70b1dd10c2a9845819d72a86f000d2592e1d3ca12084df4a
SSDEEP

1536:n7ZLNPp9pZBMDVLW8xYkNyDVFqPBFFDqmbWj5IO239dJkvHSBOsAL:7Zpp0NyD3qZfD+SBm

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1400-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 1400	4260	rundll32.exe	86
PID 4260 wrote to memory of 1400	4260	rundll32.exe	86
PID 4260 wrote to memory of 1400	4260	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f034554962e86fcaae48e93c0ad7704.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f034554962e86fcaae48e93c0ad7704.dll,#1
  2⤵
  PID:1400

memory/1400-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download