6254f41cd50f9d2efc2402ba399f59b7d1091e44e60d2d795de1891698f84d74

Analysis

max time kernel
151s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 02:22

Target

6254f41cd50f9d2efc2402ba399f59b7d1091e44e60d2d795de1891698f84d74.dll
Size

4KB
MD5

c1cdae700c5d28afcb7c1ee963d93410
SHA1

45774ea1b14fb46be0dd1ff8550ecc34cdd5326b
SHA256

6254f41cd50f9d2efc2402ba399f59b7d1091e44e60d2d795de1891698f84d74
SHA512

aaeaa20109ffbae26e19125abe418b641923049441acad9ecd02f908e5e88b021781cab76be9139268c39691d8e54032ed32b70db1a80bb10635be4441236552
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+LM26v/B1fYa0JxwnLu835:TRphMzf8M2YrA4LuA

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4088-133-0x0000000074C50000-0x0000000074C58000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4088-133-0x0000000074C50000-0x0000000074C58000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 4088	1424	rundll32.exe	79
PID 1424 wrote to memory of 4088	1424	rundll32.exe	79
PID 1424 wrote to memory of 4088	1424	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6254f41cd50f9d2efc2402ba399f59b7d1091e44e60d2d795de1891698f84d74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6254f41cd50f9d2efc2402ba399f59b7d1091e44e60d2d795de1891698f84d74.dll,#1
  2⤵
  PID:4088

memory/4088-133-0x0000000074C50000-0x0000000074C58000-memory.dmp

Filesize
32KB

Download