a650c4357227b0fd8ba6cd6dc3a9fb0b53812ee8caa79544f419add2b653bdfb

Analysis

max time kernel
95s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 12:28

Target

VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll
Size

148KB
MD5

1b266f23cab5ae881ca35344e86c3ef0
SHA1

02fd7e7c00c2bea42541ff3043641a4e655d7299
SHA256

a650c4357227b0fd8ba6cd6dc3a9fb0b53812ee8caa79544f419add2b653bdfb
SHA512

54c5e5418eecb6cb2ad213287cd9211f3cde6cd72b75ec50c499c7f27ec3a737f2ff4c8876359001317f1d8de507a5a24855aba78b0728493b2680b319d6435a
SSDEEP

3072:IjlVttNwkVCmq+UyCcGuCu/YFzH5h95OEbzk:IJVDNFCuCmLYFzvPOEU

Score

7^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3548-1-0x0000000001490000-0x00000000014C3000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 3548	3668	rundll32.exe	82
PID 3668 wrote to memory of 3548	3668	rundll32.exe	82
PID 3668 wrote to memory of 3548	3668	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\VirusShare_1b266f23cab5ae881ca35344e86c3ef0.dll,#1
  2⤵
  PID:3548

memory/3548-0-0x000000000149D000-0x00000000014A0000-memory.dmp

Filesize
12KB

Download
memory/3548-1-0x0000000001490000-0x00000000014C3000-memory.dmp

Filesize
204KB

Download