6b9737418be38c47b4d6031931a3ba80bc549e45121ec97e741baad018ce6ed4

Analysis

max time kernel
94s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 15:55

Target

6b9737418be38c47b4d6031931a3ba80bc549e45121ec97e741baad018ce6ed4.dll
Size

4KB
MD5

08bf6d47d0bbf495df9e4f5d22a6beb0
SHA1

47889c24b6fe6d8cdd4e29cea969be36bddcc36e
SHA256

6b9737418be38c47b4d6031931a3ba80bc549e45121ec97e741baad018ce6ed4
SHA512

7e66b85d173cd646d6f938b5336f2e5cae2acb0d043ad329a83b2568575238016cdfac3c30933b73676bb5a85d1e3ee22b278a7dc627be6ee8a115d67b5d4bbe
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+Lw8HyvHH/nu206Kuc0xGc:TRphMzf8w8HyvHH/ujc

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4276-133-0x0000000074BC0000-0x0000000074BC8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4276-133-0x0000000074BC0000-0x0000000074BC8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 4276	2376	rundll32.exe	78
PID 2376 wrote to memory of 4276	2376	rundll32.exe	78
PID 2376 wrote to memory of 4276	2376	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b9737418be38c47b4d6031931a3ba80bc549e45121ec97e741baad018ce6ed4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6b9737418be38c47b4d6031931a3ba80bc549e45121ec97e741baad018ce6ed4.dll,#1
  2⤵
  PID:4276

memory/4276-133-0x0000000074BC0000-0x0000000074BC8000-memory.dmp

Filesize
32KB

Download