9f5ccf01f1c019da473e81593536aed6ed7cd44e3ce78ce845accebe5ee6dcf9

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:53

Target

$PLUGINSDIR/md5dll.dll
Size

6KB
MD5

7059f133ea2316b9e7e39094a52a8c34
SHA1

ee9f1487c8152d8c42fecf2efb8ed1db68395802
SHA256

32c3d36f38e7e8a8bafd4a53663203ef24a10431bda16af9e353c7d5d108610f
SHA512

9115986754a74d3084dd18018e757d3b281a2c2fde48c73b71dba882e13bd9b2ded0e6e7f45dc5b019e6d53d086090ccb06e18e6efeec091f655a128510cbe51
SSDEEP

96:5mArJv6F3TqDmgK4ghEin1US36eHQZDUDgGogZcko5Nt4AMP:5XJ63LhR6inZ6dsgZkKQT

Score

7^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
behavioral11/memory/2248-0-0x0000000010000000-0x000000001000A000-memory.dmp	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
behavioral11/memory/2248-0-0x0000000010000000-0x000000001000A000-memory.dmp	upx

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process

2252 2248 WerFault.exe

pid	pid_target	process
2252	2248	WerFault.exe

Suspicious use of WriteProcessMemory 11 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 2220 wrote to memory of 2248	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2248	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2248	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2248	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2248	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2248	2220	rundll32.exe	rundll32.exe
PID 2220 wrote to memory of 2248	2220	rundll32.exe	rundll32.exe
PID 2248 wrote to memory of 2252	2248	rundll32.exe	WerFault.exe
PID 2248 wrote to memory of 2252	2248	rundll32.exe	WerFault.exe
PID 2248 wrote to memory of 2252	2248	rundll32.exe	WerFault.exe
PID 2248 wrote to memory of 2252	2248	rundll32.exe	WerFault.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\md5dll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2220

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\md5dll.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 224
3⤵
- Program crash
PID:2252

memory/2248-0-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download