33f980ae4453e7d02ae158b2acfcf45aeaf3e3a91ba75838e9e325b0ebd67150

Analysis

max time kernel
139s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 07:15

Target

4daf48ef0863b57251b940a2a899f758.dll
Size

46KB
MD5

4daf48ef0863b57251b940a2a899f758
SHA1

1e940f7c3d1e5ed3943fa5f9f94ba0738e754d24
SHA256

33f980ae4453e7d02ae158b2acfcf45aeaf3e3a91ba75838e9e325b0ebd67150
SHA512

73aedd1cbb784beb52eddf114fb9eede0fbf71df4c525359f95ee87fb80f13cbdcc8209ca0fbf8d0210e89ccb4a4be1cc120302e12084a264393ed3c2f7c73c4
SSDEEP

768:bh7WMbG9fblxnw39/L1z11H55QpVc92EQYX66pfPhyVWRh1NVcVZnbcuyD7Uz7O:dtYXC/L1d5QpVq2EQGfPsV2VcVZnouyQ

Score

8^/10

upx

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Drivers\beep.sys	rundll32.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4340-0-0x0000000010000000-0x0000000010020000-memory.dmp	upx

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 4340	436	rundll32.exe	14
PID 436 wrote to memory of 4340	436	rundll32.exe	14
PID 436 wrote to memory of 4340	436	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4daf48ef0863b57251b940a2a899f758.dll,#1
1⤵
- Drops file in Drivers directory
PID:4340

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4daf48ef0863b57251b940a2a899f758.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:436

memory/4340-0-0x0000000010000000-0x0000000010020000-memory.dmp

Filesize
128KB

Download