12108f3b28845fa6777139d96866bb7bef05ef15c106af98f8547b8565b94690

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 01:45

Target

859a8071fced97346759b2bc8d6b574b.dll
Size

62KB
MD5

859a8071fced97346759b2bc8d6b574b
SHA1

7b9693e0c1ff5e5706a4cff22538f7ae3712f6af
SHA256

12108f3b28845fa6777139d96866bb7bef05ef15c106af98f8547b8565b94690
SHA512

cac74c412ee86b9a9a6c6bc7283f3e55dc2deebef7062a01742e399bbcd203591f302032853a64345953428ec2e107c2d0b17f33e4f25a3c584426897f9ba086
SSDEEP

768:GbvLDaaMact8TwnIJocNOr3pJ988C4Mo8wYdYfl0iq8Woe0XdQUSYJvll4GWgXDO:evbKcw79BCrr5dddOe0XdQYfdgwUfxua

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4072-0-0x0000000010000000-0x000000001000C000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4072	4908	rundll32.exe	12
PID 4908 wrote to memory of 4072	4908	rundll32.exe	12
PID 4908 wrote to memory of 4072	4908	rundll32.exe	12

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\859a8071fced97346759b2bc8d6b574b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\859a8071fced97346759b2bc8d6b574b.dll,#1
  2⤵
  PID:4072

memory/4072-0-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download