d21665dfe3585e46c95bfe5ba45495e8ceccce3e2bc92fd993bbfaa011a216a5 | Triage

Analysis

max time kernel
93s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27-04-2024 18:54

Sharing

Report Analysis Logs

General

Target

I386/SYSTEM32/DESKPERF.dll
Size

10KB
MD5

3e84057cfe5de418466bfa9b577a4d37
SHA1

17f3930d9bf3f88e0a0697e622182b578b96efd2
SHA256

a4026a864c03a27eac5762a1d80ac578b41d87ee27dd97e0d2f44f1b3ba4c115
SHA512

ffd6275ed63eb8b09a9c0b7fa8d0199665934a7330849379b36e1dc332582e36b76bd0d97aa4e9d7eb0b14455e90c8e2ad983e914f64cffb43acb6771365443f
SSDEEP

192:1GQrNYKgaQJLL3jJPeryy3ICLdHLItivWCaNpWZ8N:1GQrNYgQ7Peryy4qhW/NpWQ

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral19/memory/5084-0-0x000000006D3F0000-0x000000006D3FA000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 5084	3524	rundll32.exe	83
PID 3524 wrote to memory of 5084	3524	rundll32.exe	83
PID 3524 wrote to memory of 5084	3524	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\DESKPERF.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\I386\SYSTEM32\DESKPERF.dll,#1
  2⤵
  PID:5084

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5084-0-0x000000006D3F0000-0x000000006D3FA000-memory.dmp

Filesize
40KB

Download