21c621a64762a0199e04958b76ee9712a51090c17689a6cfc8435b123101fe58 | Triage

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 06:31

Sharing

Report Analysis Logs

General

Target

8ba41bf690a40da9a08502743091ad6f.dll
Size

4KB
MD5

8ba41bf690a40da9a08502743091ad6f
SHA1

ea0dfe666a295cbc15e2b77ee78c5e4302896579
SHA256

21c621a64762a0199e04958b76ee9712a51090c17689a6cfc8435b123101fe58
SHA512

52671daaf8a2c5c8b4c77428e30a3bc104773350bacd6f742f143b8fc5daf47e7e1703d8d16011eadced71816315e22bef3ddada98704dc066af2b4a0b1f505c
SSDEEP

96:7hGsB1x6BPt6NkaFdBWG4CqqjgXUvCkxoT:7hGkK6TFTI+CF

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/memory/3468-0-0x0000000010000000-0x0000000010008000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/3468-0-0x0000000010000000-0x0000000010008000-memory.dmp	upx

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5980 wrote to memory of 3468	5980	rundll32.exe	86
PID 5980 wrote to memory of 3468	5980	rundll32.exe	86
PID 5980 wrote to memory of 3468	5980	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ba41bf690a40da9a08502743091ad6f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5980
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8ba41bf690a40da9a08502743091ad6f.dll,#1
  2⤵
  PID:3468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3468-0-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download