15ebd3f90d9286877e6f76241f0bc405b8615b40aef23c2757a005a0364a0c81

Analysis

max time kernel
109s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 18:58

Target

15ebd3f90d9286877e6f76241f0bc405b8615b40aef23c2757a005a0364a0c81.dll
Size

4KB
MD5

192fcc909eb4314ff300be00ae9ba2a0
SHA1

afa39584c5a80d88b5be99da3745797a09892733
SHA256

15ebd3f90d9286877e6f76241f0bc405b8615b40aef23c2757a005a0364a0c81
SHA512

30c9a7dfa1f7e63afd7a2ac08a4e594aa20d6bf88848015d9a758bbdf12da0ea1775919ab1b11f78b8eddb52eb674778cef2f62adee772f84e62418d88dc7476
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LR3ucMw2X3K8JbH+VjH7t1OGrv+h5h+8M:TRphMzf8RAVH+V77fZd8ca5RcP

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4840-133-0x0000000074B60000-0x0000000074B68000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4840-133-0x0000000074B60000-0x0000000074B68000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4984 wrote to memory of 4840	4984	rundll32.exe	81
PID 4984 wrote to memory of 4840	4984	rundll32.exe	81
PID 4984 wrote to memory of 4840	4984	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15ebd3f90d9286877e6f76241f0bc405b8615b40aef23c2757a005a0364a0c81.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15ebd3f90d9286877e6f76241f0bc405b8615b40aef23c2757a005a0364a0c81.dll,#1
  2⤵
  PID:4840

memory/4840-133-0x0000000074B60000-0x0000000074B68000-memory.dmp

Filesize
32KB

Download