203c0c00799149d404bd782effaf8840030f752e360dfa6f5911ebc8a1e7fb96

Analysis

max time kernel
43s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/10/2022, 21:21

Target

203c0c00799149d404bd782effaf8840030f752e360dfa6f5911ebc8a1e7fb96.dll
Size

382KB
MD5

02cdbd4d5fa443c567a22041119cd460
SHA1

bdda73dd4d704ee5197ddd05fbd0a0d52ef475b0
SHA256

203c0c00799149d404bd782effaf8840030f752e360dfa6f5911ebc8a1e7fb96
SHA512

394d311dc9110edfd21611379395ba28f9a2641cacb0083dd99f7c94c91a7bc7c9d5e4b1703927e015daf3bebc6efe82b2e9f807ef718ef36ea03e6b37f899b3
SSDEEP

6144:bu4xaao/ulp6IZRYog5T6YU9piHbATbfQ3EoJRshga+Irx6v8Iod6Qwj:a2aPmr6IZSoETTGMkTzQvRsD+AQOMQ

Score

8^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/984-56-0x000000006DD20000-0x000000006DDED000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 984	1096	rundll32.exe	27
PID 1096 wrote to memory of 984	1096	rundll32.exe	27
PID 1096 wrote to memory of 984	1096	rundll32.exe	27
PID 1096 wrote to memory of 984	1096	rundll32.exe	27
PID 1096 wrote to memory of 984	1096	rundll32.exe	27
PID 1096 wrote to memory of 984	1096	rundll32.exe	27
PID 1096 wrote to memory of 984	1096	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\203c0c00799149d404bd782effaf8840030f752e360dfa6f5911ebc8a1e7fb96.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\203c0c00799149d404bd782effaf8840030f752e360dfa6f5911ebc8a1e7fb96.dll,#1
  2⤵
  PID:984

memory/984-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download
memory/984-56-0x000000006DD20000-0x000000006DDED000-memory.dmp

Filesize
820KB

Download
memory/984-59-0x000000006DD20000-0x000000006DDED000-memory.dmp

Filesize
820KB

Download