17186b46a722cca6b2f4bda6fef7b47350d59ece67d648f1e17d63741b4eb34d

Analysis

max time kernel
40s
max time network
31s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
29-11-2022 05:11

Target

17186b46a722cca6b2f4bda6fef7b47350d59ece67d648f1e17d63741b4eb34d.dll
Size

4KB
MD5

101128be16105a092e30ced01e26f540
SHA1

322bd88479fc9e974239eff0f8a72ce58384b48b
SHA256

17186b46a722cca6b2f4bda6fef7b47350d59ece67d648f1e17d63741b4eb34d
SHA512

59b4fc9e3da1b025b9ce03210dd9c302b59e6ddb2c13a91a980897f095e6ad07476582acd2604046b3d3267079ca0d07e649b70b4ee469ef7a15da922370a0ce
SSDEEP

96:TRphMzf85ab7uYAfV6qtiMPDz4jgxybIp:NpOr8QbdAVBLz4Syu

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/1012-57-0x0000000075290000-0x0000000075298000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1012-57-0x0000000075290000-0x0000000075298000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 956 wrote to memory of 1012	956	rundll32.exe	28
PID 956 wrote to memory of 1012	956	rundll32.exe	28
PID 956 wrote to memory of 1012	956	rundll32.exe	28
PID 956 wrote to memory of 1012	956	rundll32.exe	28
PID 956 wrote to memory of 1012	956	rundll32.exe	28
PID 956 wrote to memory of 1012	956	rundll32.exe	28
PID 956 wrote to memory of 1012	956	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17186b46a722cca6b2f4bda6fef7b47350d59ece67d648f1e17d63741b4eb34d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17186b46a722cca6b2f4bda6fef7b47350d59ece67d648f1e17d63741b4eb34d.dll,#1
  2⤵
  PID:1012

memory/1012-55-0x00000000767F1000-0x00000000767F3000-memory.dmp

Filesize
8KB

Download
memory/1012-56-0x00000000752A0000-0x00000000752A8000-memory.dmp

Filesize
32KB

Download
memory/1012-57-0x0000000075290000-0x0000000075298000-memory.dmp

Filesize
32KB

Download