d58ce6cf30a7eb61692930e50349da3ba5983fc29913b8be71d96c73d0db5de0

Analysis

max time kernel
136s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 20:23

Target

1bc81890b3f14f8fbf83abe04280b51a.dll
Size

57KB
MD5

1bc81890b3f14f8fbf83abe04280b51a
SHA1

7756b9d0180df262f5f7be07181ec83ea1304a32
SHA256

d58ce6cf30a7eb61692930e50349da3ba5983fc29913b8be71d96c73d0db5de0
SHA512

e83be7cddf18af14182177f4829e7d2cf879f5cec02ff35d0d18c50cb9c04f73e9aeadfc659a314dd1c420e49992273db998545badb17b7671c367754e7cdfc7
SSDEEP

1536:j4ABNjFc+O+oSxzSDjp6wGq7n8qZkC3bwyts0bKh04jEptPnchiN:bhFc+mSxzg2yHLbTs0eqoEptPnc4

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4608-0-0x0000000010000000-0x000000001002F000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4608	regsvr32.exe
4608	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 4608	1896	regsvr32.exe	14
PID 1896 wrote to memory of 4608	1896	regsvr32.exe	14
PID 1896 wrote to memory of 4608	1896	regsvr32.exe	14

C:\Windows\SysWOW64\regsvr32.exe
/s C:\Users\Admin\AppData\Local\Temp\1bc81890b3f14f8fbf83abe04280b51a.dll
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4608

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\1bc81890b3f14f8fbf83abe04280b51a.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:1896

memory/4608-0-0x0000000010000000-0x000000001002F000-memory.dmp

Filesize
188KB

Download