fc017e2251fe6f8317d4e3397b5298e0ac8b0169ace812e374929460ed3a375a

Analysis

max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 00:12

Target

95bd045d1a2262edf2b31fbbe4542ed4.dll
Size

60KB
MD5

95bd045d1a2262edf2b31fbbe4542ed4
SHA1

7be8d6c4b8aaa83c0646d61a7c96f87e96247770
SHA256

fc017e2251fe6f8317d4e3397b5298e0ac8b0169ace812e374929460ed3a375a
SHA512

c0f2dee3bf91b58a9e9a01d39998148e24203cdbe8a9fc922c7b6e5561cbbc38d4d5f89b6c47139cf66a5607e5e629ef018cf2701e8192b1723a4d77c37b87c7
SSDEEP

768:rhxl+jn9bv+NsK2Tpasw7v3KDtR6dXuGUNSOWBDlo/WiiFbIK85hNDzES90dh6St:dx8la1wGHRoOiiFbkhNzEM0rgv

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4612-0-0x0000000000400000-0x0000000000428000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 972 wrote to memory of 4612	972	rundll32.exe	84
PID 972 wrote to memory of 4612	972	rundll32.exe	84
PID 972 wrote to memory of 4612	972	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\95bd045d1a2262edf2b31fbbe4542ed4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\95bd045d1a2262edf2b31fbbe4542ed4.dll,#1
  2⤵
  PID:4612

memory/4612-0-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download