9874fdb517afe0221d2ed253b64e5c05b8af19e5dcc2b4df4d88a5cbae1a1091 | Triage

Analysis

max time kernel
122s
max time network
146s
platform
windows10_x64
resource
win10-en-20211208
submitted
28-01-2022 19:30

Sharing

Report Analysis Logs

General

Target

12.dll
Size

10.0MB
MD5

ed6933897c37cfd9a323e177bcb11707
SHA1

51123a4b4d3323d01aff81a132314bf1df641008
SHA256

a33c96cd2767ab3bff433e90b499c83ff9cba6b16f52797c05ea4fc534a9b1bf
SHA512

409bb25c6daef90dfdb0961ed6c4857b6a70bac2f2928b3fd1398ec608c9b31927d8e1ec30a25d8b347669d29471d7debcd18a82a97b9e6dd4c2af851934340a

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/1288-118-0x00000000046B0000-0x0000000006DEA000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3728 wrote to memory of 1288	3728	rundll32.exe	68
PID 3728 wrote to memory of 1288	3728	rundll32.exe	68
PID 3728 wrote to memory of 1288	3728	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3728
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
  2⤵
  PID:1288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1288-118-0x00000000046B0000-0x0000000006DEA000-memory.dmp

Filesize
39.2MB

Download