03fd98d8ce61ad6016d6e61afc2b766f6c60780b66d4995a2aca8bbebc152438

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 02:49

Target

57c946fc90fa6e8b36616e0999087c45.dll
Size

19KB
MD5

57c946fc90fa6e8b36616e0999087c45
SHA1

d4e3bae44293e70c5cce0c06bd2267e866480e10
SHA256

03fd98d8ce61ad6016d6e61afc2b766f6c60780b66d4995a2aca8bbebc152438
SHA512

17e0568e63d88abf5a8915f6c3db4870d0848e85a093127969840d92f87dfd11fdd4fcc3b092f4a7c5bd76e98c832b7de555f17ad2df2eb9df7bd5feab37cdf2
SSDEEP

192:njeCgZocf9LCyvyQP+2mFCXK2pwqCffMeUS5zA/O7pQ88bjGNuMmajPcNM5cFYZz:jeZZRvHWfZ5MG7pSktkP0zDWyTGkW

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1152-0-0x0000000000400000-0x0000000000412000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 1152	2740	rundll32.exe	16
PID 2740 wrote to memory of 1152	2740	rundll32.exe	16
PID 2740 wrote to memory of 1152	2740	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c946fc90fa6e8b36616e0999087c45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c946fc90fa6e8b36616e0999087c45.dll,#1
  2⤵
  PID:1152

memory/1152-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download