d30b40e7579e64153a5e04114694784fe86f44f4d2c1bed9fef411feb05e43c7 | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 14:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

58f609b446caf68029be77182bb122c7.dll
Size

61KB
MD5

58f609b446caf68029be77182bb122c7
SHA1

7c3e100224d1b2e72706f1a374d8f70cd95dd388
SHA256

d30b40e7579e64153a5e04114694784fe86f44f4d2c1bed9fef411feb05e43c7
SHA512

690b0c7ca533d53f7a586f9b842f8a5a189506949834afa54dcfb73d6bbb8e9da7306acb9da6ca84a6ce90eed275a3de2ee527c2788b8d7044cdec5638788476
SSDEEP

1536:GIrNpVJUMAEGOfZjy9Yj8BRyLqoCem81kfkXjVoo:G0TBjd8yLpCemWkfkXjVT

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3976-0-0x0000000010000000-0x000000001002C000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3976	rundll32.exe
3976	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3328 wrote to memory of 3976	3328	rundll32.exe	39
PID 3328 wrote to memory of 3976	3328	rundll32.exe	39
PID 3328 wrote to memory of 3976	3328	rundll32.exe	39

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58f609b446caf68029be77182bb122c7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58f609b446caf68029be77182bb122c7.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3976-0-0x0000000010000000-0x000000001002C000-memory.dmp

Filesize
176KB

Download