98094706c5a69f887f11651dd79cd93687f2dedcc31deb506431440601f3fd4a

Analysis

max time kernel
168s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:14

Target

98094706c5a69f887f11651dd79cd93687f2dedcc31deb506431440601f3fd4a.dll
Size

4KB
MD5

b60a16e57258ac2de1736542250c9350
SHA1

528ab6aead47a88cbd313b866e1f674e257d12f4
SHA256

98094706c5a69f887f11651dd79cd93687f2dedcc31deb506431440601f3fd4a
SHA512

879703a4c6870adf4a76bbfdab6013fa5d473842718970d0e7e00b0fb8fe8096ec7e9c84eedde98aac996b1e63719aebc024542d5c202143d6432550af57fe8d
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+L1jYDQRkfdeGkWyZZI9O:TRphMzf8iZf2+Q

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4768-133-0x00000000751B0000-0x00000000751B8000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4768-133-0x00000000751B0000-0x00000000751B8000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 4768	1416	rundll32.exe	79
PID 1416 wrote to memory of 4768	1416	rundll32.exe	79
PID 1416 wrote to memory of 4768	1416	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98094706c5a69f887f11651dd79cd93687f2dedcc31deb506431440601f3fd4a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98094706c5a69f887f11651dd79cd93687f2dedcc31deb506431440601f3fd4a.dll,#1
  2⤵
  PID:4768

memory/4768-133-0x00000000751B0000-0x00000000751B8000-memory.dmp

Filesize
32KB

Download