7e1652afc0d6b530e36b3ef7a3d91f86803d81eba2ed3be9eb8c4aaab3ec2c2a

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/02/2024, 11:27

Target

86c77fd101d30bb48eafb83cea5fbf15.dll
Size

67KB
MD5

86c77fd101d30bb48eafb83cea5fbf15
SHA1

05897c824a85ee509629fa6ad222668c5547233b
SHA256

7e1652afc0d6b530e36b3ef7a3d91f86803d81eba2ed3be9eb8c4aaab3ec2c2a
SHA512

f7db48b905934b5dcfd22431016bda31d73de2f197f1d24fc52ea2d2c6306fe79df18738a2827d01c7df5fc3dd72e8d52657dcb0e3b1a371dbd74de0892b10f6
SSDEEP

1536:zW8EX8FeDKWSbaNdUV/myKG8FQw1h2A2K1twBvjQtcZ:zW8hEbdKQH91J2KzwQtcZ

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4828-0-0x0000000010000000-0x0000000010041000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4828	3324	regsvr32.exe	84
PID 3324 wrote to memory of 4828	3324	regsvr32.exe	84
PID 3324 wrote to memory of 4828	3324	regsvr32.exe	84

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\86c77fd101d30bb48eafb83cea5fbf15.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\86c77fd101d30bb48eafb83cea5fbf15.dll
  2⤵
  PID:4828

memory/4828-0-0x0000000010000000-0x0000000010041000-memory.dmp

Filesize
260KB

Download