cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b

Analysis

max time kernel
39s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
11/10/2022, 06:41

Target

cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b.dll
Size

40KB
MD5

68ba15b7f310d04d2e702f7cd18bc344
SHA1

30c23475d08c880fbb1c7af91923ba17745a2dd8
SHA256

cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b
SHA512

a2bd2373ccef30a2bdb2975314739197d57b4e1ea992efba107388b2a2362427392eb90fbc3f6a5e7df9f141636b0392ecd47537a6130f1be840db6ef17765b2
SSDEEP

768:PiDoesTZ/44rmMXXpDvUPWc5xrI7GMBkifjaGf9zuSuI:PhTa4rmIF8PWsxrkhJf/f71

Score

8^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/1800-56-0x0000000010000000-0x0000000010013000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1584 wrote to memory of 1800	1584	rundll32.exe	28
PID 1584 wrote to memory of 1800	1584	rundll32.exe	28
PID 1584 wrote to memory of 1800	1584	rundll32.exe	28
PID 1584 wrote to memory of 1800	1584	rundll32.exe	28
PID 1584 wrote to memory of 1800	1584	rundll32.exe	28
PID 1584 wrote to memory of 1800	1584	rundll32.exe	28
PID 1584 wrote to memory of 1800	1584	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b.dll,#1
  2⤵
  PID:1800

memory/1800-55-0x0000000075241000-0x0000000075243000-memory.dmp

Filesize
8KB

Download
memory/1800-56-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download