3606958dd7ab466f527b3babb9e4211ed7024c0dc28eb805c40af7a07bc5e143

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 20:01

Target

a2a0eb6daaec3628b8d38814eb281183.dll
Size

72KB
MD5

a2a0eb6daaec3628b8d38814eb281183
SHA1

9739ee44f357a265a65b97c50a4104f01ce62030
SHA256

3606958dd7ab466f527b3babb9e4211ed7024c0dc28eb805c40af7a07bc5e143
SHA512

969c8cfcb32363b3af9bd9322b38da8986bb44152cb1a7fa7e7b77f7b00dd68381b7c18ff3e579b8bb8851d995e8098098e05ef47c0067a935d4136f08ff8573
SSDEEP

1536:7O9qu9TFfC4rIggDwaJyVL70QWwjoxFF6CKPms0l8uS+40SxYcb:7O97hIvfyh7qio/QCUA6f0S+cb

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4480-0-0x0000000010000000-0x0000000010046000-memory.dmp	upx

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4480	regsvr32.exe
4480	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 4480	4808	regsvr32.exe	87
PID 4808 wrote to memory of 4480	4808	regsvr32.exe	87
PID 4808 wrote to memory of 4480	4808	regsvr32.exe	87

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\a2a0eb6daaec3628b8d38814eb281183.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\a2a0eb6daaec3628b8d38814eb281183.dll
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4480

memory/4480-0-0x0000000010000000-0x0000000010046000-memory.dmp

Filesize
280KB

Download