76850fec8a67abb3dd87e3abb85c196c2b8125686babe0cbe44fb93223de55f1

Analysis

max time kernel
136s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:23

Target

19e2f9eac037ae2b7428974e7045a1c7.dll
Size

19KB
MD5

19e2f9eac037ae2b7428974e7045a1c7
SHA1

5474499b7df592535e71596f3d59aa4ecf3e277a
SHA256

76850fec8a67abb3dd87e3abb85c196c2b8125686babe0cbe44fb93223de55f1
SHA512

8935989c5124dedb42839cb8def2ac566005a690f053a759913c0d82225b4cc9543531fec1c0efe3ef17ba4b56ed7a4008b818e8253a78c59c13726a0e9f74de
SSDEEP

384:agdOKYRoZKkQaNWyVTNLFZA8kYJiuoiyDangxK2kGtnR:ixKZK98TNZl4vpDxK2VR

Score

7^/10

upx

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1996-0-0x0000000000B30000-0x0000000000B47000-memory.dmp	upx
behavioral2/memory/1996-1-0x0000000000B30000-0x0000000000B47000-memory.dmp	upx
behavioral2/memory/1996-2-0x0000000000B30000-0x0000000000B47000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 1996	2060	rundll32.exe	87
PID 2060 wrote to memory of 1996	2060	rundll32.exe	87
PID 2060 wrote to memory of 1996	2060	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\19e2f9eac037ae2b7428974e7045a1c7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\19e2f9eac037ae2b7428974e7045a1c7.dll,#1
  2⤵
  PID:1996

memory/1996-0-0x0000000000B30000-0x0000000000B47000-memory.dmp

Filesize
92KB

Download
memory/1996-1-0x0000000000B30000-0x0000000000B47000-memory.dmp

Filesize
92KB

Download
memory/1996-2-0x0000000000B30000-0x0000000000B47000-memory.dmp

Filesize
92KB

Download