ca0658e0ac29485bce63a4671ec1dea2f7e8f2e37b81167d6f71d5aad605f6c7

Analysis

max time kernel
137s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 20:17

Target

65f0e9a4a8632f3b9d49812fcc13951d.dll
Size

40KB
MD5

65f0e9a4a8632f3b9d49812fcc13951d
SHA1

c3175e6ed29fc2eba3644f473918eb9f9bd812f0
SHA256

ca0658e0ac29485bce63a4671ec1dea2f7e8f2e37b81167d6f71d5aad605f6c7
SHA512

0f867c8c9b72b3484c5b4f76a3909fd7bdbbbe0133dc6fd1f16e9b550abf012d76e742119b69a41ecc7223e1f3b41b93d4d00c5ef15743daac02838fe07404b9
SSDEEP

768:MijJf+C1ipa1urtfZzQID9SHbR/UkzD2I+M+F9R+roZoj:PJf+CcpPx3D9SHlUk+JRQf

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1568-0-0x0000000020000000-0x0000000020021000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3916 wrote to memory of 1568	3916	regsvr32.exe	84
PID 3916 wrote to memory of 1568	3916	regsvr32.exe	84
PID 3916 wrote to memory of 1568	3916	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\65f0e9a4a8632f3b9d49812fcc13951d.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3916
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\65f0e9a4a8632f3b9d49812fcc13951d.dll
  2⤵
  PID:1568

memory/1568-0-0x0000000020000000-0x0000000020021000-memory.dmp

Filesize
132KB

Download