4700a729aa15aaebb54a51681173f8b6acd0e8a58769ff9c4fc5f1b9ce7a9218 | Triage

Analysis

max time kernel
3s
max time network
50s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
14/10/2022, 10:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4700a729aa15aaebb54a51681173f8b6acd0e8a58769ff9c4fc5f1b9ce7a9218.dll
Size

3KB
MD5

426ce35179a5c6eced4a4c6accf96c4f
SHA1

8f7e5c6a09f45164349f2c3ec2443952dc4f1dc4
SHA256

4700a729aa15aaebb54a51681173f8b6acd0e8a58769ff9c4fc5f1b9ce7a9218
SHA512

d8e3ea82390614f765a788c7d5fa4eaac2a2a7fe2ca27dbbfc24c30fdb2ed219dffdb147370c5ab41e468aa26492fea6d81e4e996bf30838646967d779e5167a

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/744-57-0x0000000074F00000-0x0000000074F08000-memory.dmp	acprotect
behavioral1/memory/744-58-0x0000000074F00000-0x0000000074F08000-memory.dmp	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/744-57-0x0000000074F00000-0x0000000074F08000-memory.dmp	upx
behavioral1/memory/744-58-0x0000000074F00000-0x0000000074F08000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1196 wrote to memory of 744	1196	rundll32.exe	28
PID 1196 wrote to memory of 744	1196	rundll32.exe	28
PID 1196 wrote to memory of 744	1196	rundll32.exe	28
PID 1196 wrote to memory of 744	1196	rundll32.exe	28
PID 1196 wrote to memory of 744	1196	rundll32.exe	28
PID 1196 wrote to memory of 744	1196	rundll32.exe	28
PID 1196 wrote to memory of 744	1196	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4700a729aa15aaebb54a51681173f8b6acd0e8a58769ff9c4fc5f1b9ce7a9218.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4700a729aa15aaebb54a51681173f8b6acd0e8a58769ff9c4fc5f1b9ce7a9218.dll,#1
  2⤵
  PID:744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/744-55-0x0000000075BA1000-0x0000000075BA3000-memory.dmp

Filesize
8KB

Download
memory/744-56-0x0000000074F10000-0x0000000074F18000-memory.dmp

Filesize
32KB

Download
memory/744-57-0x0000000074F00000-0x0000000074F08000-memory.dmp

Filesize
32KB

Download
memory/744-58-0x0000000074F00000-0x0000000074F08000-memory.dmp

Filesize
32KB

Download