aaed3b5693d85b4f6ac9d1bc15e8a70fb7a40f5a91b51b984cbebe79b2e52208

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 05:12

Target

2984243892f7c5c24d46ea5a0eeef6a1.dll
Size

50KB
MD5

2984243892f7c5c24d46ea5a0eeef6a1
SHA1

764aeda58d04f9c7fd5c508cb86fb31867e17ff1
SHA256

aaed3b5693d85b4f6ac9d1bc15e8a70fb7a40f5a91b51b984cbebe79b2e52208
SHA512

4c5f2c1e12774b0e2236de6ea7bc1443fd55da0e1907f720aa4843c3d66437d23cf383cac57cdc2f67579549d9920535ab48c90dce22103370cdc4f664b4390f
SSDEEP

768:56IRmOOuSayvxnL2hJ5Kk0+Yy9S7LsrTGAwdTND0a6axm52ULdKHDKlHpacl:5jRmOPyvxL2hDKO9S7LYGA2SdBKjIv

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2848-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 2848	2520	rundll32.exe	15
PID 2520 wrote to memory of 2848	2520	rundll32.exe	15
PID 2520 wrote to memory of 2848	2520	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2984243892f7c5c24d46ea5a0eeef6a1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2984243892f7c5c24d46ea5a0eeef6a1.dll,#1
  2⤵
  PID:2848

memory/2848-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download