9f678c9510d30fe1d52abf29b0bd4cfbdb02c80787da2e1d3098fe8555edcbdf

Analysis

max time kernel
92s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-01-2024 21:27

Target

786f31369d044a84291cd99a035c2a1e.dll
Size

6KB
MD5

786f31369d044a84291cd99a035c2a1e
SHA1

16c2e49320bb1cfbf0de6ea9249380e1d12a1a8c
SHA256

9f678c9510d30fe1d52abf29b0bd4cfbdb02c80787da2e1d3098fe8555edcbdf
SHA512

aa5bf98a86a1d6590b2a944115599e665fb5c2c20982080a6c9ccce213674f6e539a82c9d9370ac513e4b4f74ef814d1d50508001f4fcf4ecfa8f7138f0b81ab
SSDEEP

96:nPhTcUZU+axHVyT8nFhN2VhCvfkBTtNTMP345QT3BL5aN4:npTrnsW8XN2VhIUNT84+tIC

Score

7^/10

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/536-0-0x0000000000400000-0x000000000040A000-memory.dmp	acprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1412 wrote to memory of 536	1412	rundll32.exe	85
PID 1412 wrote to memory of 536	1412	rundll32.exe	85
PID 1412 wrote to memory of 536	1412	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\786f31369d044a84291cd99a035c2a1e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\786f31369d044a84291cd99a035c2a1e.dll,#1
  2⤵
  PID:536

memory/536-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download