7c6fb2bde1196dddc1f41880de4787252e03f3e5aaded0b82c13a7157050bfbd

Analysis

max time kernel
146s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2024 14:35

Target

3ecbf444354afbf10bf7780c991fb62d.dll
Size

57KB
MD5

3ecbf444354afbf10bf7780c991fb62d
SHA1

a030212221c8bf99d7e1b2a4aa705602b494e467
SHA256

7c6fb2bde1196dddc1f41880de4787252e03f3e5aaded0b82c13a7157050bfbd
SHA512

8b96a6963f8678567decd25a49c1fcb784ffb2234bd35f61a60c92d2bb3f748fb852d62c5d06a00ecaa491ec66a35b69e4eab2f1a6ebef0fcca879b34cb6f44e
SSDEEP

768:4X07tGPXE5WnLiVuLYgiPAXuUAdOgOmOzrFXZ4GmOwEda7NRFfpz7/7W8UG2V0OD:4sKXEHu7uUYODP8EKLfpz7/xUBTBsXYT

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2408-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2408	2868	rundll32.exe	89
PID 2868 wrote to memory of 2408	2868	rundll32.exe	89
PID 2868 wrote to memory of 2408	2868	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ecbf444354afbf10bf7780c991fb62d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3ecbf444354afbf10bf7780c991fb62d.dll,#1
  2⤵
  PID:2408

memory/2408-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download