37d4d9321823a05f90dfc1266c9162df214748e8b243cda967dfe307901dce2d | Triage

Analysis

max time kernel
148s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
25-06-2022 22:01

Sharing

Report Analysis Logs

General

Target

12.dll
Size

10.0MB
MD5

6048e9361c3789c78ef93a9291beacc5
SHA1

cf8a05ba0aef127e811414b7ae1059b1755512de
SHA256

fbb8125816b672c13c34305ba11aa5fc175fa032a6d53604c52d1dd4d7751446
SHA512

4e5112c24635ef0fd37cec17d4a46fb376aa083b6eec3777b22899d289fe6966704b6595535fa64258c4afec1f92c7dada89fc8696a66539919f236ee0b9cc2f

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/2364-131-0x0000000002580000-0x0000000004AF7000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2372 wrote to memory of 2364	2372	rundll32.exe	79
PID 2372 wrote to memory of 2364	2372	rundll32.exe	79
PID 2372 wrote to memory of 2364	2372	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12.dll,#1
  2⤵
  PID:2364

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2364-131-0x0000000002580000-0x0000000004AF7000-memory.dmp

Filesize
37.5MB

Download