8553c487faffec9b996d615fd4281e911deea9d91a6e98c36670b7024320113b

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 17:57

Target

6846287f8c8b7f27ce61cbd0bcd0f3eb.dll
Size

94KB
MD5

6846287f8c8b7f27ce61cbd0bcd0f3eb
SHA1

d3388d0163a75127edca6d759a238f5888ad9bfd
SHA256

8553c487faffec9b996d615fd4281e911deea9d91a6e98c36670b7024320113b
SHA512

31bb4576ec0770b6d0d5944c956fe9877567c2cde0cf53abf06cda8a44eedd0bc6fbd8a2803e6de99765d59a1c1f587463b3bbbac48146ebb638a493aaa822ed
SSDEEP

1536:2moLIIWdNE9jv4LsBgIEmcbEMHsePqm/FKjnOvVKmM1lgZ4PziO:f2RWdNEp4Ls2VbEqPqmdKk1E84P/

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/644-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 644	2332	rundll32.exe	17
PID 2332 wrote to memory of 644	2332	rundll32.exe	17
PID 2332 wrote to memory of 644	2332	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6846287f8c8b7f27ce61cbd0bcd0f3eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6846287f8c8b7f27ce61cbd0bcd0f3eb.dll,#1
  2⤵
  PID:644

memory/644-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download