70a56bc6d9406147eaa8611dca394ec55d826ff5ca876428c0effc21824e535e

Analysis

max time kernel
282s
max time network
302s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 02:19

Target

70a56bc6d9406147eaa8611dca394ec55d826ff5ca876428c0effc21824e535e.dll
Size

4KB
MD5

251985c634672ee02f7618baa4b8d570
SHA1

24036991f7ab57a2e01dd828b108c29442cd1536
SHA256

70a56bc6d9406147eaa8611dca394ec55d826ff5ca876428c0effc21824e535e
SHA512

dfbd8e50e1dc86cab78799534015e1c6699e7578bbe150a30f7efabd7561601c38db2efeb65d38f15890a78dc842975fc9fc3b0aa831d4c97bd7d1bbc1025338
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LfuAFojZSosWyvWfsMgnO+SNgj7nyaX:TRphMzf8G24sZukMgO+SGjbNX

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/3408-133-0x00000000756E0000-0x00000000756E8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3408-133-0x00000000756E0000-0x00000000756E8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 3408	4956	rundll32.exe	80
PID 4956 wrote to memory of 3408	4956	rundll32.exe	80
PID 4956 wrote to memory of 3408	4956	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70a56bc6d9406147eaa8611dca394ec55d826ff5ca876428c0effc21824e535e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70a56bc6d9406147eaa8611dca394ec55d826ff5ca876428c0effc21824e535e.dll,#1
  2⤵
  PID:3408

memory/3408-133-0x00000000756E0000-0x00000000756E8000-memory.dmp

Filesize
32KB

Download