c143dcae892bc458e9f8e01ea5959fb152f9060224f87090297f842fa7373ffa

Analysis

max time kernel
134s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:05

Target

c143dcae892bc458e9f8e01ea5959fb152f9060224f87090297f842fa7373ffa.dll
Size

4KB
MD5

207f9cfbd4834c73a55f2df331891c90
SHA1

7b3d75097332bc64d69504f1283a143c38c2c52f
SHA256

c143dcae892bc458e9f8e01ea5959fb152f9060224f87090297f842fa7373ffa
SHA512

859f33172f0cf3b9a5f4b8ea5b92be18edc62d1c39ed1df5303eb38ea2b96ca329ccd5e4fafb2b816ddefb9efbe33a565bd75a23430c14e4761a36538e817058
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+L+A53w5GaZlyDkX12/7Y4W2aUdCj7n:TRphMzf8+iwplyAl2/7Y4/BdE7

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4864-133-0x00000000754F0000-0x00000000754F8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4864-133-0x00000000754F0000-0x00000000754F8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4864	5104	rundll32.exe	80
PID 5104 wrote to memory of 4864	5104	rundll32.exe	80
PID 5104 wrote to memory of 4864	5104	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c143dcae892bc458e9f8e01ea5959fb152f9060224f87090297f842fa7373ffa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c143dcae892bc458e9f8e01ea5959fb152f9060224f87090297f842fa7373ffa.dll,#1
  2⤵
  PID:4864

memory/4864-133-0x00000000754F0000-0x00000000754F8000-memory.dmp

Filesize
32KB

Download