72612f9d0929a743e2026c7deac1b3b6fe447c470ed55abebde6aef9b806ec48

Analysis

max time kernel
268s
max time network
320s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:54

Target

72612f9d0929a743e2026c7deac1b3b6fe447c470ed55abebde6aef9b806ec48.dll
Size

4KB
MD5

503e8ad5f6f70fd105fbc039a0847c90
SHA1

a0492a44d619dda284fcc0a66545d9915c7d36ec
SHA256

72612f9d0929a743e2026c7deac1b3b6fe447c470ed55abebde6aef9b806ec48
SHA512

69cb11356a64b467d2d68665132cc9c980c4f0ac99b09f9feab702f742e11037da4a9bc01b9e5139dd610e41b10d182c11acd70fda6ee602a6b5a91139cb86e6
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LNGM0zwPh8GDdeB90wZ5wkLZA0bHdovqS:TRphMzf8UZzwGxHZ5w8GEdNaVm9ZpQhZ

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/2272-133-0x0000000074D70000-0x0000000074D78000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2272-133-0x0000000074D70000-0x0000000074D78000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2272	2744	rundll32.exe	80
PID 2744 wrote to memory of 2272	2744	rundll32.exe	80
PID 2744 wrote to memory of 2272	2744	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\72612f9d0929a743e2026c7deac1b3b6fe447c470ed55abebde6aef9b806ec48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\72612f9d0929a743e2026c7deac1b3b6fe447c470ed55abebde6aef9b806ec48.dll,#1
  2⤵
  PID:2272

memory/2272-133-0x0000000074D70000-0x0000000074D78000-memory.dmp

Filesize
32KB

Download