ff0bf1865ed3652b281b6212b116647fab54276820e3bb9f064004c198da6076 | Triage

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 06:54

Sharing

Report Analysis Logs

General

Target

3c2d37ab82c57758d71d22c3af02d4bd.dll
Size

39KB
MD5

3c2d37ab82c57758d71d22c3af02d4bd
SHA1

ec9cb367511a7c4abef10f1c9dcc2fe5a65d36f5
SHA256

ff0bf1865ed3652b281b6212b116647fab54276820e3bb9f064004c198da6076
SHA512

900ed0b35d3799dcf996fb739b741eca73b70ee12e39718516bda766e5904b83e4f7790b0cf5d0d9262a46ba1c534ac0be31a4c3c4f97b990771ba425ccb642e
SSDEEP

768:+gNkM0A43duMfdfAd0gacfA/vXGw7T46/J:BkDzDfmd0gfAW8T7J

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4904-0-0x0000000010000000-0x000000001001D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 4904	5092	rundll32.exe	90
PID 5092 wrote to memory of 4904	5092	rundll32.exe	90
PID 5092 wrote to memory of 4904	5092	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2d37ab82c57758d71d22c3af02d4bd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c2d37ab82c57758d71d22c3af02d4bd.dll,#1
  2⤵
  PID:4904

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4904-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download