74291fad3bd45cc6462e710d0974cce079854826d2ab1cb3dd4cf6cd28f38f7d

Analysis

max time kernel
179s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 02:18

Target

74291fad3bd45cc6462e710d0974cce079854826d2ab1cb3dd4cf6cd28f38f7d.dll
Size

4KB
MD5

c93471153dc092974cd4f9ac3efce370
SHA1

3903a638d39dc1cdeb4381fd45b05fb5206b6c7a
SHA256

74291fad3bd45cc6462e710d0974cce079854826d2ab1cb3dd4cf6cd28f38f7d
SHA512

7c26f02c65f9478bae2cbdf56b8971128d89796cb171338db36c3384426f33a8ddc12b7212554930810ae4c8596e29d8b2cfa41c9cdd5bed3da68e7e078f5bdf
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LmhuEYkTj3QVyep7wjOgQAmpNLGq49lez:TRphMzf8mhBYnyY7w/lX9leHLho6r

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/908-133-0x0000000075240000-0x0000000075248000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/908-133-0x0000000075240000-0x0000000075248000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 908	4268	rundll32.exe	68
PID 4268 wrote to memory of 908	4268	rundll32.exe	68
PID 4268 wrote to memory of 908	4268	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\74291fad3bd45cc6462e710d0974cce079854826d2ab1cb3dd4cf6cd28f38f7d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\74291fad3bd45cc6462e710d0974cce079854826d2ab1cb3dd4cf6cd28f38f7d.dll,#1
  2⤵
  PID:908

memory/908-133-0x0000000075240000-0x0000000075248000-memory.dmp

Filesize
32KB

Download