688b800b17f6fb8513a4e48e8e962320bf2a5c4670795f5618ed6043777a7ab5 | Triage

Analysis

max time kernel
151s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 02:21

Sharing

Report Analysis Logs

General

Target

688b800b17f6fb8513a4e48e8e962320bf2a5c4670795f5618ed6043777a7ab5.dll
Size

3KB
MD5

fa69b272f055b09c67108f93728c6f50
SHA1

9934d1da6c65e518370fa098c45350407b031742
SHA256

688b800b17f6fb8513a4e48e8e962320bf2a5c4670795f5618ed6043777a7ab5
SHA512

116fbc6566af36bfbc3dc036ef52c82defae0a030c06b12d1f7af98e67332a875e867a76bf1a8b418fd3062f3e1d6f5a8a039abd51f3e1bd4891e1d68bbcf9ca

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/1804-133-0x0000000074A70000-0x0000000074A78000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1804-133-0x0000000074A70000-0x0000000074A78000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 1804	3528	rundll32.exe	82
PID 3528 wrote to memory of 1804	3528	rundll32.exe	82
PID 3528 wrote to memory of 1804	3528	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\688b800b17f6fb8513a4e48e8e962320bf2a5c4670795f5618ed6043777a7ab5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\688b800b17f6fb8513a4e48e8e962320bf2a5c4670795f5618ed6043777a7ab5.dll,#1
  2⤵
  PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1804-133-0x0000000074A70000-0x0000000074A78000-memory.dmp

Filesize
32KB

Download