71b3205d1878c8a22f79e4381e1873102bb6e58e64d2eed05c783170fbafde93 | Triage

Analysis

max time kernel
143s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 12:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

18f06c4ac4a90b887bfa5273ef2aaed0.dll
Size

17KB
MD5

18f06c4ac4a90b887bfa5273ef2aaed0
SHA1

77d2fa4fb7aa32291fb7280dd3b10b7f32d780dd
SHA256

71b3205d1878c8a22f79e4381e1873102bb6e58e64d2eed05c783170fbafde93
SHA512

fcd014ddf06787679f266a5f5ac0b1067b78d755b82d734c9cbc90ef5abc7545a899181e2eef194ff97b6d9da827681ba6a5b40290acaec7365f8ebb03192d34
SSDEEP

384:0RGbVU3INtbL9/Q3I4Vm1LMVxjAbCfnjbmbFoCl5Qj:0ReVUat1I38i+b2cA

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4448-0-0x0000000000400000-0x0000000000410000-memory.dmp	upx
behavioral2/memory/4448-1-0x0000000000400000-0x0000000000410000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 4448	4920	rundll32.exe	89
PID 4920 wrote to memory of 4448	4920	rundll32.exe	89
PID 4920 wrote to memory of 4448	4920	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\18f06c4ac4a90b887bfa5273ef2aaed0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\18f06c4ac4a90b887bfa5273ef2aaed0.dll,#1
  2⤵
  PID:4448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4448-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/4448-1-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download