6eea97be5995dd02128a469b709fbd0e0f27cd35ed5906633a7c885c8320b184 | Triage

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 19:19

Sharing

Report Analysis Logs

General

Target

574b18ad3093b6bf58058aa32f76f8e5.dll
Size

61KB
MD5

574b18ad3093b6bf58058aa32f76f8e5
SHA1

44598c1c6c6cddecbb958b226061ccbd6854a0cc
SHA256

6eea97be5995dd02128a469b709fbd0e0f27cd35ed5906633a7c885c8320b184
SHA512

012b9a5ea4807f43a52493d7afefe2a5add3df676ee01d8388bb031c1823a72d89fac1fc8011d3d05456c36c7d052fc6a33fbdd5975a10a8ae29e2b96b784bd5
SSDEEP

1536:EGb2IWElySgpwbPF9G27vPHLnqB78XZDX0c7K:EGbvbynsF9G27v/TqoXZTbK

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4612-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4496 wrote to memory of 4612	4496	rundll32.exe	87
PID 4496 wrote to memory of 4612	4496	rundll32.exe	87
PID 4496 wrote to memory of 4612	4496	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\574b18ad3093b6bf58058aa32f76f8e5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4496
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\574b18ad3093b6bf58058aa32f76f8e5.dll,#1
  2⤵
  PID:4612

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4612-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download