534a2360786ab49a6e58eab3efd1379bb435d74f2868148c89100dadde607319 | Triage

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 02:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8defef5fb093c40c5f585f25fde85e97.dll
Size

98KB
MD5

8defef5fb093c40c5f585f25fde85e97
SHA1

645cb990907e7a20722e390032271b1294da8cbe
SHA256

534a2360786ab49a6e58eab3efd1379bb435d74f2868148c89100dadde607319
SHA512

71c1dba3bd50ed7eb06a41b1501fad26e49323898b4ea68c50279a0b76b895446e8cd9396f72f8c3b0d7af922888d810b5b962e6b833ff876ccabd096d707549
SSDEEP

3072:z1QT0hvKOW4cVLLePlKWhWhOyTz50Li98:z1fQOWfNWVgTqQ8

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2096-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2096	4912	rundll32.exe	84
PID 4912 wrote to memory of 2096	4912	rundll32.exe	84
PID 4912 wrote to memory of 2096	4912	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8defef5fb093c40c5f585f25fde85e97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8defef5fb093c40c5f585f25fde85e97.dll,#1
  2⤵
  PID:2096

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2096-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download