2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef | Triage

Analysis

max time kernel
95s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:17

Sharing

Report Analysis Logs

General

Target

2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef.dll
Size

3KB
MD5

3baeffa32e4ee039c2f08fdb915525d0
SHA1

019cef6761d3808818104fc624a2b15aefe1934f
SHA256

2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef
SHA512

f3220acbe272e576d9f251697b28f1f779053f4df947fe8779146232165c713f02a4ca70899a14c24818aea2d4086becc58eee7fa1731c0018222689903c62e4

Score

9^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/3880-133-0x0000000075210000-0x0000000075218000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3880-133-0x0000000075210000-0x0000000075218000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3168 wrote to memory of 3880	3168	rundll32.exe	79
PID 3168 wrote to memory of 3880	3168	rundll32.exe	79
PID 3168 wrote to memory of 3880	3168	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2713bdd1cfbc6fa17d66b22fca969511457425e3dbae6a5c826865b5d26576ef.dll,#1
  2⤵
  PID:3880

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3880-133-0x0000000075210000-0x0000000075218000-memory.dmp

Filesize
32KB

Download