10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0

Analysis

max time kernel
151s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 01:32

Target

10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0.dll
Size

4KB
MD5

7df86ce20c742d4493bca1ef0b8c2910
SHA1

5255478604244df0bec321fc1ef123a0e65de0bf
SHA256

10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0
SHA512

71cde95f11700bd2ea4356544f0fe081cec3133c72b6c2ab5cddca81c9d9368d7f991bf004ea012cd3a86c4a377dab89a3ae13241ee3406e10638a8ba076965f
SSDEEP

48:a5zuMqBcq06phM/wwWLSeJY8JTa6Il+Lua+fRteE5xJhyPjny3PNEJdBomrntS7f:TRphMzf810y4vhGy31EJd+mrntSO2

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/4556-133-0x0000000074E30000-0x0000000074E38000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4556-133-0x0000000074E30000-0x0000000074E38000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4248 wrote to memory of 4556	4248	rundll32.exe	79
PID 4248 wrote to memory of 4556	4248	rundll32.exe	79
PID 4248 wrote to memory of 4556	4248	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\10421c6f6c6a47d31ff0ae15e139f7b0cca3531e04459402f20f6c65240bd2a0.dll,#1
  2⤵
  PID:4556

memory/4556-133-0x0000000074E30000-0x0000000074E38000-memory.dmp

Filesize
32KB

Download