Overview

overview

7

Static

static

1

2d753841f8...21.dll

windows7-x64

7

2d753841f8...21.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    143s
  • max time network
    89s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 16:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d753841f8aa425111be15d60ba55821.dll

  • Size

    228KB

  • MD5

    2d753841f8aa425111be15d60ba55821

  • SHA1

    2b9a549e83400cfe86225b227174f4a1cea6071f

  • SHA256

    06fe1b18a1262ddd968c73f1c882ddac90f83809da404c865e784eda1df5cd65

  • SHA512

    cf9859a0edf72a2e33102dad8b37ea7c45cd0e6166037fdf8f78bca5b56078fd5b74b869d0e14db52b1de202cf099a81c8e5ea06fb91396e1256a29b946ba564

  • SSDEEP

    6144:y+ZQSCX+9cl4d8kDhMUFfQHuUAv+qdbC8S89V:XZQRGm4dzDhzfeR6bF9V

Score
7/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Loads dropped DLL 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d753841f8aa425111be15d60ba55821.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4676
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d753841f8aa425111be15d60ba55821.dll,#1
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:2416
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 596
        3⤵
        • Program crash
        PID:2004
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 604
        3⤵
        • Program crash
        PID:2572
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2416 -ip 2416
    1⤵
      PID:4556
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2416 -ip 2416
      1⤵
        PID:8

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files\Common Files\System\symsrv.dll
        Filesize

        71KB

        MD5

        bf8084efb36a3974d46604f308b7ea65

        SHA1

        94f0f16b6c35a2451eb6392e13930fda3229d8b1

        SHA256

        611c4b289a0a7b9b6acbe3d9d03a3799e52174eab3d8288e242e1006c78c264a

        SHA512

        0200870637be49cd867372cb85613ad347b927a00aae0ecebf300014a341ee29673030282092e7cd1a8299866dacca90e522755ed3d4eb45daef7d00c729a7c5

        Download Submit

      • memory/2416-4-0x0000000010000000-0x0000000010032000-memory.dmp

        Filesize

        200KB

        Download

      • memory/2416-5-0x0000000075620000-0x0000000075649000-memory.dmp

        Filesize

        164KB

        Download

      • memory/2416-7-0x0000000010000000-0x0000000010032000-memory.dmp

        Filesize

        200KB

        Download