cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b

Analysis

max time kernel
114s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 06:41

Target

cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b.dll
Size

40KB
MD5

68ba15b7f310d04d2e702f7cd18bc344
SHA1

30c23475d08c880fbb1c7af91923ba17745a2dd8
SHA256

cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b
SHA512

a2bd2373ccef30a2bdb2975314739197d57b4e1ea992efba107388b2a2362427392eb90fbc3f6a5e7df9f141636b0392ecd47537a6130f1be840db6ef17765b2
SSDEEP

768:PiDoesTZ/44rmMXXpDvUPWc5xrI7GMBkifjaGf9zuSuI:PhTa4rmIF8PWsxrkhJf/f71

Score

8^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/4868-133-0x0000000010000000-0x0000000010013000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 4868	2056	rundll32.exe	82
PID 2056 wrote to memory of 4868	2056	rundll32.exe	82
PID 2056 wrote to memory of 4868	2056	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cfed710327d0e449e8a24c7e20c05c5babf5069d87cd75ab93ee88fe3a9bd30b.dll,#1
  2⤵
  PID:4868

memory/4868-133-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download