865e2d347c6a68083ffa60143685031783961ce3ea7f0e876b863f293d4112b8

Analysis

max time kernel
269s
max time network
401s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:32

Target

865e2d347c6a68083ffa60143685031783961ce3ea7f0e876b863f293d4112b8.dll
Size

4KB
MD5

fafd645e53f39132fe453e07b58d1630
SHA1

16942f792498d9f19425a674397994caf08127f2
SHA256

865e2d347c6a68083ffa60143685031783961ce3ea7f0e876b863f293d4112b8
SHA512

8f703489f83bd745919ea43d2de5c795e076f47c874c20772334181d3a3767e80d24e78e08b4e97efe55b38eac76c28ed4fd9ce7357c52f72c87320ad081d642
SSDEEP

96:TRphMzf8XbMk7iKz47WrChAgD/4xTpLJU:NpOr8wK7qD/iTpLO

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/1160-133-0x00000000751F0000-0x00000000751F8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/1160-133-0x00000000751F0000-0x00000000751F8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 1160	4344	rundll32.exe	78
PID 4344 wrote to memory of 1160	4344	rundll32.exe	78
PID 4344 wrote to memory of 1160	4344	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\865e2d347c6a68083ffa60143685031783961ce3ea7f0e876b863f293d4112b8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\865e2d347c6a68083ffa60143685031783961ce3ea7f0e876b863f293d4112b8.dll,#1
  2⤵
  PID:1160

memory/1160-133-0x00000000751F0000-0x00000000751F8000-memory.dmp

Filesize
32KB

Download