ed880c2f46bd3254a7e66d3951a4f332977b0b8f1d00e2b3df48708c06d5549a | Triage

Analysis

max time kernel
148s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 07:10

Sharing

Report Analysis Logs

General

Target

55cf463944b46659de0975d63c186fb7.dll
Size

51KB
MD5

55cf463944b46659de0975d63c186fb7
SHA1

753f8e9aca4f19daddee76473c35d2ff10fba2c8
SHA256

ed880c2f46bd3254a7e66d3951a4f332977b0b8f1d00e2b3df48708c06d5549a
SHA512

91d1838ce8833db1605c04209fa1ae1d9d922b1d74264a009b6c41b0284620316049a69f0efda38ff4709497e4c6f96965026c4b08f12e323816e13bcea5f2cb
SSDEEP

1536:V8O9Nn6RjriQvwBeKUQZ1j/KVLtwRjf5Gd3:2Oz6VWmueRQZ1jyltE7Md3

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4780-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 4780	1436	rundll32.exe	62
PID 1436 wrote to memory of 4780	1436	rundll32.exe	62
PID 1436 wrote to memory of 4780	1436	rundll32.exe	62

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55cf463944b46659de0975d63c186fb7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\55cf463944b46659de0975d63c186fb7.dll,#1
  2⤵
  PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4780-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download