98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 01:04

Target

98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll
Size

4KB
MD5

6fd95bc5d22307b7f1a64400204d5030
SHA1

dfa7947d717554d4c8178ac941621a4cd2e61a63
SHA256

98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187
SHA512

b82fa8a18d88a7e99ed41a139908ec4440fa6f1728142c7fef7fed106019df438220d8f905ff659c6b8e1cfe50dcfa497ee45fbb84eb9b0fb56e41d359a11215
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LLKfJOutyQv6hkzwRn81cpUWrwD/EvyII:TRphMzf8OJ0n81cpUNDcv8f+VZq

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/1956-57-0x0000000074890000-0x0000000074898000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1956-57-0x0000000074890000-0x0000000074898000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1404 wrote to memory of 1956	1404	rundll32.exe	28
PID 1404 wrote to memory of 1956	1404	rundll32.exe	28
PID 1404 wrote to memory of 1956	1404	rundll32.exe	28
PID 1404 wrote to memory of 1956	1404	rundll32.exe	28
PID 1404 wrote to memory of 1956	1404	rundll32.exe	28
PID 1404 wrote to memory of 1956	1404	rundll32.exe	28
PID 1404 wrote to memory of 1956	1404	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98368ac9d90df00a717a50b40f5dbf95276b5690d47fddf937609683d9e75187.dll,#1
  2⤵
  PID:1956

memory/1956-55-0x0000000074F01000-0x0000000074F03000-memory.dmp

Filesize
8KB

Download
memory/1956-56-0x00000000748A0000-0x00000000748A8000-memory.dmp

Filesize
32KB

Download
memory/1956-57-0x0000000074890000-0x0000000074898000-memory.dmp

Filesize
32KB

Download