fd0142c6d8c43f324f9d67ac194af6405fe03e8d8253e97d0dfcba025bcc4e7d

Analysis

max time kernel
144s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:01

Target

fd0142c6d8c43f324f9d67ac194af6405fe03e8d8253e97d0dfcba025bcc4e7d.dll
Size

4KB
MD5

10bfdaa97f7d812e302401761c3f7820
SHA1

9657c7477c1c2cc00b49fc47a5cad261d5f06a56
SHA256

fd0142c6d8c43f324f9d67ac194af6405fe03e8d8253e97d0dfcba025bcc4e7d
SHA512

89d815f874b917cf7779940f2cbad804997b3ba09d3ee14c64790112e64c13a69b8393c241df14abea3d6ad8b7f65b8b7ea2991a9534b0d102f7c4f0b494a4be
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+L15sNNK7a89u12kFE0NJt53gZG8Qissm2:TRphMzf815sNR89KHNJU8Km4ZL

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/3708-133-0x0000000074C60000-0x0000000074C68000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3708-133-0x0000000074C60000-0x0000000074C68000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4212 wrote to memory of 3708	4212	rundll32.exe	81
PID 4212 wrote to memory of 3708	4212	rundll32.exe	81
PID 4212 wrote to memory of 3708	4212	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd0142c6d8c43f324f9d67ac194af6405fe03e8d8253e97d0dfcba025bcc4e7d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd0142c6d8c43f324f9d67ac194af6405fe03e8d8253e97d0dfcba025bcc4e7d.dll,#1
  2⤵
  PID:3708

memory/3708-133-0x0000000074C60000-0x0000000074C68000-memory.dmp

Filesize
32KB

Download