6e6a0455f4f610cbea5ab0ac53ecebe2214f70aeadf12b3a92f205540f4cda52

Analysis

max time kernel
92s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:25

Target

6e6a0455f4f610cbea5ab0ac53ecebe2214f70aeadf12b3a92f205540f4cda52.dll
Size

4KB
MD5

82b40084000f444e15d419ea9c926e80
SHA1

2b52ab075ea8dc9a6a9d9a77205920ba158b7619
SHA256

6e6a0455f4f610cbea5ab0ac53ecebe2214f70aeadf12b3a92f205540f4cda52
SHA512

2ec5c39f0514c0b895383f227ac91f52a5be3a5be7ff6f02e5d260b8336ec3a5c7f2ba7410de79eebb1c32c72b82f7b46752bb51e68ad3a58359803807c9ef6e
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+L3gcXBn2w7UEdOPXXwEV4ZfmC8S:TRphMzf83gcs0UerfmZS

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4952-133-0x0000000074C30000-0x0000000074C38000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4952-133-0x0000000074C30000-0x0000000074C38000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 4952	2080	rundll32.exe	81
PID 2080 wrote to memory of 4952	2080	rundll32.exe	81
PID 2080 wrote to memory of 4952	2080	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e6a0455f4f610cbea5ab0ac53ecebe2214f70aeadf12b3a92f205540f4cda52.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6e6a0455f4f610cbea5ab0ac53ecebe2214f70aeadf12b3a92f205540f4cda52.dll,#1
  2⤵
  PID:4952

memory/4952-133-0x0000000074C30000-0x0000000074C38000-memory.dmp

Filesize
32KB

Download