5bc4d7f3a8436d22f70baf6ae5462782208255f840504b4b37ff3cd3ef2d9b41

Analysis

max time kernel
34s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 04:58

Target

5bc4d7f3a8436d22f70baf6ae5462782208255f840504b4b37ff3cd3ef2d9b41.dll
Size

4KB
MD5

01c3b149b635b0925f3e8a5e923c5350
SHA1

d643856d22cbbd1538cc4faee5eb5b2c449c75ab
SHA256

5bc4d7f3a8436d22f70baf6ae5462782208255f840504b4b37ff3cd3ef2d9b41
SHA512

95c4da9cfe2255b87fdc9b4935060aec409cbc01c3d3e5f740065c812a85e0d7ac9fc3671abfdc8f6cfbdd347417b023907f7a896ad46cf1f3b05b358ecffc2d
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+Li85eKVHxcsXlJLuW9Y/OXMkgxWtaVR+0:TRphMzf8iNKVjlJS/tWtaD+gnOofN

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/980-57-0x0000000074C50000-0x0000000074C58000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/980-57-0x0000000074C50000-0x0000000074C58000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27
PID 1368 wrote to memory of 980	1368	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bc4d7f3a8436d22f70baf6ae5462782208255f840504b4b37ff3cd3ef2d9b41.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5bc4d7f3a8436d22f70baf6ae5462782208255f840504b4b37ff3cd3ef2d9b41.dll,#1
  2⤵
  PID:980

memory/980-55-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download
memory/980-56-0x0000000074C60000-0x0000000074C68000-memory.dmp

Filesize
32KB

Download
memory/980-57-0x0000000074C50000-0x0000000074C58000-memory.dmp

Filesize
32KB

Download