c1b42d05da0f4e69dd4d88c17cde9d34e4b4831f19d3e060ebae7d364f2a7a23

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 16:55

Target

c3e01ff6201da0ad3c36fc65ee60aec9.dll
Size

18KB
MD5

c3e01ff6201da0ad3c36fc65ee60aec9
SHA1

d3870fb7b460470aa38797260511f1e03ef63faa
SHA256

c1b42d05da0f4e69dd4d88c17cde9d34e4b4831f19d3e060ebae7d364f2a7a23
SHA512

8439c638b531511877fa7c640deb46fae7ca28c875881f57d84f0e5a97bf1d35706c1f741f2b5fd60d71f90988ac1a5fb8c56836c51fca70ec8af06a3af820f8
SSDEEP

384:e5r6uu7XjYX+YE8Y017vs7sMPSkMECnVws0P1Exfnb7UbE6:y697zw+f8D17vhMAEeV2dKIP

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4532-0-0x0000000010000000-0x0000000010012000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 4532	3108	rundll32.exe	88
PID 3108 wrote to memory of 4532	3108	rundll32.exe	88
PID 3108 wrote to memory of 4532	3108	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3e01ff6201da0ad3c36fc65ee60aec9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c3e01ff6201da0ad3c36fc65ee60aec9.dll,#1
  2⤵
  PID:4532

memory/4532-0-0x0000000010000000-0x0000000010012000-memory.dmp

Filesize
72KB

Download