General

  • Target

    rundll.exe

  • Size

    4.0MB

  • Sample

    220610-kmhgjahchj

  • MD5

    8d042aad9f0f5f149fdf1fad7320fad1

  • SHA1

    977ac40982019f42975f36dc603b566ca0f6dc67

  • SHA256

    ad78c9580b03cf3943bb989b3fc8d5cfd37828c2dbef3c9dd7affc36e59092bc

  • SHA512

    fe092f1a37b029cafef3e01306dfc9c793792d0f5411c6983c10e671844c0d26652e4d7bf2356531557b8b24e8acb5bcb7c137aa27d96c6ea53ee5b260b75cea

Score
8/10

Malware Config

Targets

    • Executes dropped EXE

    • VMProtect packed file

      Detects executables packed with VMProtect commercial packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL
