Analysis
max time kernel: 148s
max time network: 145s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 24/01/2024, 13:16
Behavioral task: behavioral1
Sample: 72579b1d5820e397ac073a1b9e575f08.dll
Resource: win7-20231129-en
4 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 72579b1d5820e397ac073a1b9e575f08.dll
Resource: win10v2004-20231222-en
4 signatures, 150 seconds
General
Target: 72579b1d5820e397ac073a1b9e575f08.dll
Size: 125KB
MD5: 72579b1d5820e397ac073a1b9e575f08
SHA1: 86f78ee1724572f43c86f4d26d188ef5e8f34df7
SHA256: 5e446d1676b6b822ba73998cb1cb1d3ae62198f6faee8be7c2415a00976b0505
SHA512: b9327f7f08b5744a958930597444a6e0cda82dd0f2c70a78ca020e323f67d4db59b06abfda08f2f12c1d89fdd63b7fb93f263cfa8321cdfded66a619a37a6a4e
SSDEEP: 3072:KNob4EAUROXQ2v3fRRK8lA4Sk5NNzTdTZ6XKCVkf+uip:KNobnhROXJv3Z08OsRJTM6yhl
Score: 7/10
Malware Config
Signatures

ACProtect 1.3x - 1.4x DLL software (1 IoC)
Detects file using ACProtect software.
resource: behavioral2/memory/4972-0-0x0000000010000000-0x0000000010008000-memory.dmp, yara_rule: acprotect
resource: behavioral2/memory/4972-0-0x0000000010000000-0x0000000010008000-memory.dmp, yara_rule: upx

Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid: 4972, Process: rundll32.exe (the same entry is listed 64 times)

Suspicious use of WriteProcessMemory (3 IoCs)
description: PID 1224 wrote to memory of 4972, pid: 1224, Process: rundll32.exe, procid_target: 84 (the same entry is listed 3 times)
Processes

1. C:\Windows\system32\rundll32.exe
   command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\72579b1d5820e397ac073a1b9e575f08.dll,#1
   PID: 1224
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of PID 1224)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\72579b1d5820e397ac073a1b9e575f08.dll,#1
      PID: 4972
      - Suspicious behavior: EnumeratesProcesses