ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326

Analysis

max time kernel
141s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
19/07/2023, 11:29

Target

easy_Benign_ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326.dll
Size

5KB
MD5

419dde60c503fcd63cd47af6d2c4aff1
SHA1

85e3b53de0018685ef7fd00977a36b0bdc073668
SHA256

ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326
SHA512

218cac2bf4199cd57a86736ead52806350ebe3698eadcac61e03e653859c39773e3a2d22ece3a560362a6f1d51b93d9de2389ca2e8eca17c9a7e1a29e23d044a
SSDEEP

48:6BqvR+oisA/jGtJDAhFYUWQJg5dcipdK2JhIN3qO9UytVXMa84rygy5ISBo1SeJ2:i9o3rU9En1IrWytx7GjSSBox01s+k

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/2200-53-0x0000000010020000-0x000000001002B000-memory.dmp	acprotect
behavioral1/memory/2200-54-0x0000000010020000-0x000000001002B000-memory.dmp	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2200-53-0x0000000010020000-0x000000001002B000-memory.dmp	upx
behavioral1/memory/2200-54-0x0000000010020000-0x000000001002B000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2640	2200	WerFault.exe	28

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2200	2600	rundll32.exe	28
PID 2600 wrote to memory of 2200	2600	rundll32.exe	28
PID 2600 wrote to memory of 2200	2600	rundll32.exe	28
PID 2600 wrote to memory of 2200	2600	rundll32.exe	28
PID 2600 wrote to memory of 2200	2600	rundll32.exe	28
PID 2600 wrote to memory of 2200	2600	rundll32.exe	28
PID 2600 wrote to memory of 2200	2600	rundll32.exe	28
PID 2200 wrote to memory of 2640	2200	rundll32.exe	29
PID 2200 wrote to memory of 2640	2200	rundll32.exe	29
PID 2200 wrote to memory of 2640	2200	rundll32.exe	29
PID 2200 wrote to memory of 2640	2200	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\easy_Benign_ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\easy_Benign_ffec1e28e8114b8b6c4a150412f9d4787974b41186f72aa57933af2dd3d73326.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 228
    3⤵
    - Program crash
    PID:2640

memory/2200-53-0x0000000010020000-0x000000001002B000-memory.dmp

Filesize
44KB

Download
memory/2200-54-0x0000000010020000-0x000000001002B000-memory.dmp

Filesize
44KB

Download