941c55c178d109c1af6ca548fbc8d5cf2abe6a7ae9c9517348f499e015ce14fc | Triage

Analysis

max time kernel
443s
max time network
450s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
06-02-2024 00:08

Sharing

Report Analysis Logs

General

Target

DSETUP.dll
Size

10KB
MD5

49fda5c14716af4add17f1df44d90c6f
SHA1

1f29372011058d4ed744285e83f38057ad7f1909
SHA256

615d271ebf21140a26fea321f2f0839e37f52e8c5adc6f09c41abaa0e1b40d18
SHA512

e9def21c72e4815fc3bf6882f810e95cace5e18f27c98d2c1374765c3be5426eafd9d4b89dae5e05a70f88f417441836761f056eb692c87b83d294c190358668
SSDEEP

192:nJ+pOSnaYbHiaqwJRo46AzfueJYQeywApE+eBak7h2c0H99M/m/V:cnWKLdqQeMyBak70ceYc

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral6/memory/456-0-0x0000000015080000-0x0000000015091000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2596 wrote to memory of 456	2596	rundll32.exe	rundll32.exe
PID 2596 wrote to memory of 456	2596	rundll32.exe	rundll32.exe
PID 2596 wrote to memory of 456	2596	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DSETUP.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2596

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DSETUP.dll,#1
2⤵
PID:456

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/456-0-0x0000000015080000-0x0000000015091000-memory.dmp

Filesize
68KB

Download