994b53de8135a5bdd5b5c6911db4d6808ec14625eea25e143b79fd17205e33d2

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 13:36

Target

4e71a1c67d580a58b5c13b30e7b063b1.dll
Size

24KB
MD5

4e71a1c67d580a58b5c13b30e7b063b1
SHA1

0e3e0fe55a1b081b627a5d18643686f3359e77b8
SHA256

994b53de8135a5bdd5b5c6911db4d6808ec14625eea25e143b79fd17205e33d2
SHA512

0888d6843fcb66c2677d01c4ce598df1391ed74d0c2f85f2fe1fb38ab1015cdc1f15ec2f1ce5336ad7d85554ff6f038daa275db4b75fe05ccd5ab0640a105e0c
SSDEEP

384:qv/KDFpO0KdDWwY4qcUsx6PUyX4PksczvSsDNWvqPRnmHxCgkgaRd1IJAbjfNPgM:WKBpO0KdSBHnVzv9ZdPRnXgkgCKJA1PN

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4232-0-0x0000000010000000-0x0000000010013000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 4232	228	rundll32.exe	84
PID 228 wrote to memory of 4232	228	rundll32.exe	84
PID 228 wrote to memory of 4232	228	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e71a1c67d580a58b5c13b30e7b063b1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e71a1c67d580a58b5c13b30e7b063b1.dll,#1
  2⤵
  PID:4232

memory/4232-0-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download