a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7

Analysis

max time kernel
45s
max time network
50s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
02-10-2022 12:42

Target

a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7.dll
Size

144KB
MD5

6d8b021af8e6442eab5e25ad354b3afb
SHA1

c75ae398fe34b0f312dc7ac07ac7c042a5a5a9bb
SHA256

a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7
SHA512

a820f1fff103b86a547930f86e5f4665fdf70e798c0050ae6ac312c010dda9cfe4695417315c2be7be8b493c1e5e6ee4948108bb95fa6c11f2e43294b6310725
SSDEEP

3072:qP1HB3xCmxHuMMbE8Mvf3qA2VCLApovsHsCJHJTKxfFY:u1h3UmxHXMA8Mvf6A2PokH/pTKj

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/1356-56-0x0000000010000000-0x0000000010058000-memory.dmp	vmprotect
behavioral1/memory/1356-59-0x0000000010000000-0x0000000010058000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27
PID 1308 wrote to memory of 1356	1308	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a08c15953cdf97976b2edd05e918403e57d7d650e0a5701de0304d2abe3127c7.dll,#1
  2⤵
  PID:1356

memory/1356-54-0x0000000000000000-mapping.dmp

Download
memory/1356-55-0x0000000074DA1000-0x0000000074DA3000-memory.dmp

Filesize
8KB

Download
memory/1356-56-0x0000000010000000-0x0000000010058000-memory.dmp

Filesize
352KB

Download
memory/1356-59-0x0000000010000000-0x0000000010058000-memory.dmp

Filesize
352KB

Download