632ff7376bf33b90b0c31e7819613944c9f81596208853d87c40c2c9f0799726

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 00:07

Target

97f85235955aa0b74bc939f5d077916a.dll
Size

62KB
MD5

97f85235955aa0b74bc939f5d077916a
SHA1

eb6f487e918a050d2fc52f4943a1459a54a3d856
SHA256

632ff7376bf33b90b0c31e7819613944c9f81596208853d87c40c2c9f0799726
SHA512

8633d63f7e8ad67f0a064900f319871c6e62df50ac90a6ad845825facac5c27b5b16a0e05e7206546dfbfdd8b78e1b381a086c4d77f41268d32784c62dc3b874
SSDEEP

768:yuUr3ip/IHI7NQTvVOzjkDokL/vfSl/VerFy93+Y8EvLBV8oMyxet40iwbMMo49a:yl3E0TtQkDVDWgk9rftV8yxe4ncJNqGm

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4848-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 4848	4136	rundll32.exe	84
PID 4136 wrote to memory of 4848	4136	rundll32.exe	84
PID 4136 wrote to memory of 4848	4136	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f85235955aa0b74bc939f5d077916a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97f85235955aa0b74bc939f5d077916a.dll,#1
  2⤵
  PID:4848

memory/4848-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download