bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7

Analysis

max time kernel
149s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 01:59

Target

bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7.dll
Size

4KB
MD5

26b67a076d64f1f5f78a8d405bcad060
SHA1

5d695bbd3fecd0539c9bc3d6eaef5118e9a1220a
SHA256

bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7
SHA512

808137af3473469bc8dbe2f8e592ade8d277fc3924f75a4ea7c9ee02f34896d80b35da4fcfd9251e81547f95df9d411f3c3f11506f8b3abbe246e20bda484cdb
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LoX0walv92fpNsTaeuy31ysNO:TRphMzf8oX7+TaCnc

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/3724-133-0x0000000074FE0000-0x0000000074FE8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3724-133-0x0000000074FE0000-0x0000000074FE8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 3724	2244	rundll32.exe	78
PID 2244 wrote to memory of 3724	2244	rundll32.exe	78
PID 2244 wrote to memory of 3724	2244	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bd86549535f56a68aaa7f3dfdcb43183197b6c0181efc4d135931db0b6ad78d7.dll,#1
  2⤵
  PID:3724

memory/3724-133-0x0000000074FE0000-0x0000000074FE8000-memory.dmp

Filesize
32KB

Download