7b89c6500cf303c485da9b8f36df14b393f438949a614bab1c1c000487a6b32e | Triage

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 20:52

Sharing

Report Analysis Logs

General

Target

a2bab32a0a8b1b8a1088c75d6af1012f.dll
Size

49KB
MD5

a2bab32a0a8b1b8a1088c75d6af1012f
SHA1

5942bd38b3813b1144033bcf139b4721c0b96150
SHA256

7b89c6500cf303c485da9b8f36df14b393f438949a614bab1c1c000487a6b32e
SHA512

e2f21ff0552be771924745020e81b9417b4a0280d2bba383af4fec37cea894b111cdd81bdb879724c5687d5492e54fdc710d3bf9916a0777656b0baf7fb0628d
SSDEEP

1536:1BB/3k4AyrXn+WQki/HzUs/+SlVcOhhHHO2:1H/3cSX+71yKSOfHHO2

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/692-0-0x0000000010000000-0x000000001001D000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 692	728	rundll32.exe	88
PID 728 wrote to memory of 692	728	rundll32.exe	88
PID 728 wrote to memory of 692	728	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2bab32a0a8b1b8a1088c75d6af1012f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2bab32a0a8b1b8a1088c75d6af1012f.dll,#1
  2⤵
  PID:692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/692-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download