99fe7c92fed9f70404ed5f88c80c55f53519c836a91ae61f02347383ec477bdd

Analysis

max time kernel
148s
max time network
115s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 00:21

Target

54fa010a1f5233d7bac40758215e5d9e.dll
Size

68KB
MD5

54fa010a1f5233d7bac40758215e5d9e
SHA1

dfb26dabd1aeb78787da8ac8c6a7492e58f7e8f0
SHA256

99fe7c92fed9f70404ed5f88c80c55f53519c836a91ae61f02347383ec477bdd
SHA512

3243977401baa397d37185ebc3a65f2b2dc5824a333f66c4c672f5b0c19537b8fdfb6e8c9a9029e56adeaf267527316d87fba6732f5fac82ef627e4101673866
SSDEEP

1536:Bm1NGJVG+WIyjFvZZbKJScQ3zoJahZFwzjBd++y5bnMV:kX0VwxvZZbSSlzzhZO+fJ2

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/224-0-0x0000000010000000-0x0000000010013000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 224	3996	rundll32.exe	17
PID 3996 wrote to memory of 224	3996	rundll32.exe	17
PID 3996 wrote to memory of 224	3996	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54fa010a1f5233d7bac40758215e5d9e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54fa010a1f5233d7bac40758215e5d9e.dll,#1
  2⤵
  PID:224

memory/224-0-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download