2e2019403a94678639e1d52089a78cc1b7fafcb687ad1917a4fb8bd49b2e291e

Analysis

max time kernel
51s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 19:50

Target

2e2019403a94678639e1d52089a78cc1b7fafcb687ad1917a4fb8bd49b2e291e.dll
Size

29KB
MD5

f4b0fbc5ede384c2547436072286e901
SHA1

b918ec03a43848b740c6c8b65b610595f0f56d0e
SHA256

2e2019403a94678639e1d52089a78cc1b7fafcb687ad1917a4fb8bd49b2e291e
SHA512

0ea6d8427613641f3710e235b7ff6b0505eb157abb0f1bf22986a6ecabb805a3211863deb1f46eeee462bea128cac184c404a30d63257fb1716211dcdaef201f
SSDEEP

768:h+qDYgrzrWohhbTBoEqk0fC6hSxPHALkgu4p:h5DYgrzrnboEz0TSRu44p

Score

9^/10

upx

UPX dump on OEP (original entry point) 1 IoCs

resource	yara_rule
behavioral2/memory/4812-0-0x0000000074C70000-0x0000000074C83000-memory.dmp	UPX

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4812-0-0x0000000074C70000-0x0000000074C83000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2520 wrote to memory of 4812	2520	rundll32.exe	81
PID 2520 wrote to memory of 4812	2520	rundll32.exe	81
PID 2520 wrote to memory of 4812	2520	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e2019403a94678639e1d52089a78cc1b7fafcb687ad1917a4fb8bd49b2e291e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2520
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2e2019403a94678639e1d52089a78cc1b7fafcb687ad1917a4fb8bd49b2e291e.dll,#1
  2⤵
  PID:4812

memory/4812-0-0x0000000074C70000-0x0000000074C83000-memory.dmp

Filesize
76KB

Download