54588eb951a180118ca00d2251bb6ea3a3df5963a6e796d3c7d411dae3177ca9

Analysis

max time kernel
173s
max time network
186s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:59

Target

54588eb951a180118ca00d2251bb6ea3a3df5963a6e796d3c7d411dae3177ca9.dll
Size

4KB
MD5

ec6f24b2f72292e9367c86ad993a1720
SHA1

b434f3728c8645f18ff7f8bef08654dadda40099
SHA256

54588eb951a180118ca00d2251bb6ea3a3df5963a6e796d3c7d411dae3177ca9
SHA512

aa908e2200ff61689bf9a84debf3c99a13bebf7e28c176fc1e04b675c5a05de1cacf79153e022fce30ee26fc8f8521994ebdc816d0c0b944acae1480d0d07184
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LddKXLsH+5nr9A7LlSy0Nom8M5n:TRphMzf8z6LZa4b8M5n

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4040-133-0x0000000074A50000-0x0000000074A58000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4040-133-0x0000000074A50000-0x0000000074A58000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4040	4632	rundll32.exe	82
PID 4632 wrote to memory of 4040	4632	rundll32.exe	82
PID 4632 wrote to memory of 4040	4632	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\54588eb951a180118ca00d2251bb6ea3a3df5963a6e796d3c7d411dae3177ca9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\54588eb951a180118ca00d2251bb6ea3a3df5963a6e796d3c7d411dae3177ca9.dll,#1
  2⤵
  PID:4040

memory/4040-133-0x0000000074A50000-0x0000000074A58000-memory.dmp

Filesize
32KB

Download