2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef

Analysis

max time kernel
44s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-12-2022 23:17

Target

2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef.dll
Size

3KB
MD5

3baeffa32e4ee039c2f08fdb915525d0
SHA1

019cef6761d3808818104fc624a2b15aefe1934f
SHA256

2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef
SHA512

f3220acbe272e576d9f251697b28f1f779053f4df947fe8779146232165c713f02a4ca70899a14c24818aea2d4086becc58eee7fa1731c0018222689903c62e4

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/672-57-0x0000000074AD0000-0x0000000074AD8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/672-57-0x0000000074AD0000-0x0000000074AD8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1268 wrote to memory of 672	1268	rundll32.exe	26
PID 1268 wrote to memory of 672	1268	rundll32.exe	26
PID 1268 wrote to memory of 672	1268	rundll32.exe	26
PID 1268 wrote to memory of 672	1268	rundll32.exe	26
PID 1268 wrote to memory of 672	1268	rundll32.exe	26
PID 1268 wrote to memory of 672	1268	rundll32.exe	26
PID 1268 wrote to memory of 672	1268	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef.dll,#1
  2⤵
  PID:672

memory/672-54-0x0000000000000000-mapping.dmp

Download
memory/672-55-0x0000000074F41000-0x0000000074F43000-memory.dmp

Filesize
8KB

Download
memory/672-56-0x0000000074AE0000-0x0000000074AE8000-memory.dmp

Filesize
32KB

Download
memory/672-57-0x0000000074AD0000-0x0000000074AD8000-memory.dmp

Filesize
32KB

Download
memory/672-58-0x0000000074AE0000-0x0000000074AE8000-memory.dmp

Filesize
32KB

Download
memory/672-59-0x0000000074AE0000-0x0000000074AE8000-memory.dmp

Filesize
32KB

Download