03088d2fd39996d8398930988887f22536bfd2daf28f28f621394080da76f473

Analysis

max time kernel
150s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 18:26

Target

03088d2fd39996d8398930988887f22536bfd2daf28f28f621394080da76f473.dll
Size

275KB
MD5

484a1e40814febb4430717a8ef194bd0
SHA1

f6cfeb7e220062c4b0d85af2d340e7e91a0dc089
SHA256

03088d2fd39996d8398930988887f22536bfd2daf28f28f621394080da76f473
SHA512

cab588e9e05cb3ed9d1525849f33798f635e4671d43bc55ae6ee7a5c93086c8915f822456c0bbffaa8beff5229626ee01115ca17c6ddc7262162aae97509fdb5
SSDEEP

1536:5WaIDIDH8/y2Oswfi7FyrRrRRNCcROuDtS13e43XQXri9xDnJzipCgk6tXbhLA:5FAK7IubOuDE13LQuJzLErlA

Score

9^/10

upx

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral2/memory/776-0-0x0000000010000000-0x0000000010046000-memory.dmp	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/776-0-0x0000000010000000-0x0000000010046000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 776	4552	rundll32.exe	88
PID 4552 wrote to memory of 776	4552	rundll32.exe	88
PID 4552 wrote to memory of 776	4552	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\03088d2fd39996d8398930988887f22536bfd2daf28f28f621394080da76f473.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\03088d2fd39996d8398930988887f22536bfd2daf28f28f621394080da76f473.dll,#1
  2⤵
  PID:776

memory/776-0-0x0000000010000000-0x0000000010046000-memory.dmp

Filesize
280KB

Download