6dda86be052a18f9a001b7efa15749c4c45d140afb9b93ecd254dfb2e5b7fa4b

Analysis

max time kernel
140s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2024 18:07

Target

5b812016c5a9c9240f4dc5f351c7030c.dll
Size

68KB
MD5

5b812016c5a9c9240f4dc5f351c7030c
SHA1

1f0e81c1afd52e142a59c3b41f34841a167dacf3
SHA256

6dda86be052a18f9a001b7efa15749c4c45d140afb9b93ecd254dfb2e5b7fa4b
SHA512

5116c61467a9bd82d4b0dffb9cdbbf992ff4f5a8542360985d33d4377f2ee7caecad7cfce37a557df872a07e55b775bd11b8c241184f3b6092bb7a107e92e40c
SSDEEP

1536:LszMRUys6mwJmZSGvLPhcBP5ijIUyZ3z2gvbk316:L6Put0ZLvrhkhijIpl2gvbks

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4396-0-0x0000000010000000-0x000000001000D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3424 wrote to memory of 4396	3424	rundll32.exe	88
PID 3424 wrote to memory of 4396	3424	rundll32.exe	88
PID 3424 wrote to memory of 4396	3424	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b812016c5a9c9240f4dc5f351c7030c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b812016c5a9c9240f4dc5f351c7030c.dll,#1
  2⤵
  PID:4396

memory/4396-0-0x0000000010000000-0x000000001000D000-memory.dmp

Filesize
52KB

Download