bf2dbcfe7b96efe0e9df163a9fe0be1525c5bb59bd7415c1b986964964324f48

Analysis

max time kernel
144s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 11:51

Target

462800bd95926fefae45100555ed5791.dll
Size

12KB
MD5

462800bd95926fefae45100555ed5791
SHA1

5854c89d010970d5fef2506a5d67222cca30fc15
SHA256

bf2dbcfe7b96efe0e9df163a9fe0be1525c5bb59bd7415c1b986964964324f48
SHA512

a6469011bc203b4426efb324a242f3a9591fcd1f5a74b5b66c79a16fbdc6b4794f7440144bb183a421cf7ad103c08a3d0e9cf434ba167873980e15fb8a73383f
SSDEEP

192:jY4Ho8m4SVF64cTz3u6w4mmpeenGFh9Wk6BfUEkXbrHIKeLkaR3WNW:9Ho6uFA3u6ymsLFh9WVx3GXIKfatWNW

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2316-0-0x0000000010000000-0x000000001000C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 2316	564	rundll32.exe	17
PID 564 wrote to memory of 2316	564	rundll32.exe	17
PID 564 wrote to memory of 2316	564	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\462800bd95926fefae45100555ed5791.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\462800bd95926fefae45100555ed5791.dll,#1
  2⤵
  PID:2316

memory/2316-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download