dd939db8a09d880a5e7660f19972569e74b7d2d34a32eb2d950bd0db68aa0480 | Triage

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:58

Sharing

Report Analysis Logs

General

Target

094de71c7302e3ca9702513c40165512.dll
Size

5KB
MD5

094de71c7302e3ca9702513c40165512
SHA1

7d61c3adc45767495f1dd6eeca4af7f7a7438b7d
SHA256

dd939db8a09d880a5e7660f19972569e74b7d2d34a32eb2d950bd0db68aa0480
SHA512

c3db5bacdddb32a6ae763cce6229752200ef859f98b005b76a1458b8e60dcdb14cfbf47ac4c3d797ea4fde6381800265127cbcb4b355de494725ca426e3617ad
SSDEEP

96:d9XxPOlSMKOQO3cpaX2zNDX/pd0mJlPe3p5C7tCr3HD:T0bKi3cSYhX/pdFWZ5j

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/memory/1208-1-0x0000000075500000-0x000000007550A000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1208-1-0x0000000075500000-0x000000007550A000-memory.dmp	upx

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 1208	2356	rundll32.exe	28
PID 2356 wrote to memory of 1208	2356	rundll32.exe	28
PID 2356 wrote to memory of 1208	2356	rundll32.exe	28
PID 2356 wrote to memory of 1208	2356	rundll32.exe	28
PID 2356 wrote to memory of 1208	2356	rundll32.exe	28
PID 2356 wrote to memory of 1208	2356	rundll32.exe	28
PID 2356 wrote to memory of 1208	2356	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\094de71c7302e3ca9702513c40165512.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\094de71c7302e3ca9702513c40165512.dll,#1
  2⤵
  PID:1208

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1208-0-0x0000000075510000-0x000000007551A000-memory.dmp

Filesize
40KB

Download
memory/1208-1-0x0000000075500000-0x000000007550A000-memory.dmp

Filesize
40KB

Download
memory/1208-2-0x0000000075500000-0x000000007550A000-memory.dmp

Filesize
40KB

Download