3215515495b8686dd61d7021cdb2baf760b73d1d661bfe156d860378f69b4e15

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 12:55

Target

8c605fd630fbfe44119f27d04589a889.dll
Size

19KB
MD5

8c605fd630fbfe44119f27d04589a889
SHA1

0d16347c8156ea6538d80e15ed38e067bdd1a116
SHA256

3215515495b8686dd61d7021cdb2baf760b73d1d661bfe156d860378f69b4e15
SHA512

410c68443e0240f8143f936d8bb057a8aa0fe4763025d418117b70b86b5d4265b359dbb5284cbb2fd0724ab5d4b6a9e70bb440211489753cba769801e304ee80
SSDEEP

384:MgOkxxIP6eFN53b/D1O7z/9tmNaap6onGcV162j+ST5:M5kHISeF/rbA3/HKNnt1Fjx

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4224-0-0x0000000000780000-0x0000000000797000-memory.dmp	upx
behavioral2/memory/4224-1-0x0000000000780000-0x0000000000797000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3356 wrote to memory of 4224	3356	rundll32.exe	84
PID 3356 wrote to memory of 4224	3356	rundll32.exe	84
PID 3356 wrote to memory of 4224	3356	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c605fd630fbfe44119f27d04589a889.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8c605fd630fbfe44119f27d04589a889.dll,#1
  2⤵
  PID:4224

memory/4224-0-0x0000000000780000-0x0000000000797000-memory.dmp

Filesize
92KB

Download
memory/4224-1-0x0000000000780000-0x0000000000797000-memory.dmp

Filesize
92KB

Download