99888ed860f676207a667a3f010becd3dd5a40205fb33ee3e1d7cd9b91691dda | Triage

Analysis

max time kernel
36s
max time network
42s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02-12-2022 02:08

Sharing

Report Analysis Logs

General

Target

99888ed860f676207a667a3f010becd3dd5a40205fb33ee3e1d7cd9b91691dda.dll
Size

3KB
MD5

9f3b9d9aa18425fa1918893e91e8bcd0
SHA1

86d85117685d00d3068544310a461b68662fb21f
SHA256

99888ed860f676207a667a3f010becd3dd5a40205fb33ee3e1d7cd9b91691dda
SHA512

5c76c357163159192578b8633e1f06e5ba59c258330f9f659bb92388525647a959e4882583ec5916c28a19f5f7bcb77ed8155dd66c233149b4195ac9f2aae675

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/832-57-0x0000000074FE0000-0x0000000074FE8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/832-57-0x0000000074FE0000-0x0000000074FE8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26
PID 576 wrote to memory of 832	576	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99888ed860f676207a667a3f010becd3dd5a40205fb33ee3e1d7cd9b91691dda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99888ed860f676207a667a3f010becd3dd5a40205fb33ee3e1d7cd9b91691dda.dll,#1
  2⤵
  PID:832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/832-54-0x0000000000000000-mapping.dmp

Download
memory/832-55-0x0000000075911000-0x0000000075913000-memory.dmp

Filesize
8KB

Download
memory/832-56-0x0000000074FF0000-0x0000000074FF8000-memory.dmp

Filesize
32KB

Download
memory/832-57-0x0000000074FE0000-0x0000000074FE8000-memory.dmp

Filesize
32KB

Download