9d847700d5f05b0b02e9861b4e61c4ae7724b5c899d94500a4ae19c222cbc6c3

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/01/2024, 01:22

Target

735cd5620753c74d62606ec19744a461.dll
Size

79KB
MD5

735cd5620753c74d62606ec19744a461
SHA1

28896ea14babe65ff541653e92da5a8435338413
SHA256

9d847700d5f05b0b02e9861b4e61c4ae7724b5c899d94500a4ae19c222cbc6c3
SHA512

c341ff3e0bd2d18f2eade9d67cde1b1b9875e9dfaa6f90ae52dbbabded72435080ef2159d563341c1b7aa21e0dc60dd216eebac709b62ca400148f2cd5d3ea47
SSDEEP

1536:znsKF+NWG6qEPv/Cqaxz469WeCz76G8hVfT08779HxNXKbGmO52nu:zsKF+Nh6qunCqaxs69MzL8hVfdRNlnMu

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1616-0-0x0000000000400000-0x0000000000437000-memory.dmp	upx
behavioral2/memory/1616-1-0x0000000000400000-0x0000000000437000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1616	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1616	764	rundll32.exe	86
PID 764 wrote to memory of 1616	764	rundll32.exe	86
PID 764 wrote to memory of 1616	764	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\735cd5620753c74d62606ec19744a461.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\735cd5620753c74d62606ec19744a461.dll,#1
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1616

memory/1616-0-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download
memory/1616-1-0x0000000000400000-0x0000000000437000-memory.dmp

Filesize
220KB

Download