2b392a63b253e0eaee232d8b739e515df65c857d246a617a13d6a8cf200f5593

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 18:38

Target

2b392a63b253e0eaee232d8b739e515df65c857d246a617a13d6a8cf200f5593.dll
Size

60KB
MD5

3f762470e7006f16cdb752d8157b1a59
SHA1

04564c8d825c52a3982dc640e5d82f9786de1cb0
SHA256

2b392a63b253e0eaee232d8b739e515df65c857d246a617a13d6a8cf200f5593
SHA512

bf8895328e09f03fcde447470c8e89c7c92f76488cd682a9556cb164d26564d8102dd1532319a445a2ce31b07bc67b284536d29605bc51c126737b2a879cfd33
SSDEEP

1536:qmmM8e5djv237DFpJ4fyialB0iLB4qu/V3sqz:QMB5dj23VpJ4uDBLBo3sqz

Score

9^/10

upx

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral2/memory/2604-0-0x0000000010000000-0x000000001000E000-memory.dmp	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2604-0-0x0000000010000000-0x000000001000E000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 2604	4644	rundll32.exe	85
PID 4644 wrote to memory of 2604	4644	rundll32.exe	85
PID 4644 wrote to memory of 2604	4644	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b392a63b253e0eaee232d8b739e515df65c857d246a617a13d6a8cf200f5593.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b392a63b253e0eaee232d8b739e515df65c857d246a617a13d6a8cf200f5593.dll,#1
  2⤵
  PID:2604

memory/2604-0-0x0000000010000000-0x000000001000E000-memory.dmp

Filesize
56KB

Download