be7f9c6015c1bfff3173610ee1585d7d30df70c84c951b1ea429d7c004cad243

Analysis

max time kernel
137s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2024 11:45

Target

BleachBit-Portable/_win32sysloader.dll
Size

6KB
MD5

ad864f447ca3b4a0a28ee67cbba25f5b
SHA1

44fd485e14b69e0f1206e096f5fe67a03c851b7f
SHA256

aa7637c7f4292f8525b876e9731d157eaaf2f3100c5711717d475c02c4b1a9d0
SHA512

8a0dd26159af357560d741d8ad5ec68a3e492ab958f24493f44cef5769439978426d2f7d2656549d61493d21bd39421bba4a1bbb79f1b3f0ac4e9f3ea5fe9777
SSDEEP

96:uLWdX69ydSP1Lfhhr0iE0Q+BdI1SfJVc2SpcG1SHN7haBOA8C7tCFTv:jdMysDhJE1+BOSfYpcGEtkrC

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral10/memory/3648-0-0x000000001E3B0000-0x000000001E3B9000-memory.dmp	acprotect
behavioral10/memory/3648-2-0x000000001E3B0000-0x000000001E3B9000-memory.dmp	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral10/memory/3648-0-0x000000001E3B0000-0x000000001E3B9000-memory.dmp	upx
behavioral10/memory/3648-1-0x000000001E000000-0x000000001E24F000-memory.dmp	upx
behavioral10/memory/3648-2-0x000000001E3B0000-0x000000001E3B9000-memory.dmp	upx
behavioral10/memory/3648-3-0x000000001E000000-0x000000001E24F000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1504	3648	WerFault.exe	92

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3380 wrote to memory of 3648	3380	rundll32.exe	92
PID 3380 wrote to memory of 3648	3380	rundll32.exe	92
PID 3380 wrote to memory of 3648	3380	rundll32.exe	92

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\BleachBit-Portable\_win32sysloader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\BleachBit-Portable\_win32sysloader.dll,#1
  2⤵
  PID:3648
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 864
    3⤵
    - Program crash
    PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3648 -ip 3648
1⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:2520

memory/3648-0-0x000000001E3B0000-0x000000001E3B9000-memory.dmp

Filesize
36KB

Download
memory/3648-1-0x000000001E000000-0x000000001E24F000-memory.dmp

Filesize
2.3MB

Download
memory/3648-2-0x000000001E3B0000-0x000000001E3B9000-memory.dmp

Filesize
36KB

Download
memory/3648-3-0x000000001E000000-0x000000001E24F000-memory.dmp

Filesize
2.3MB

Download