8dc38dcd26c62e93c81e7f4408b83ec4d2adfe9a06cfebef0de945b338ec3c8b

Analysis

max time kernel
91s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19-10-2022 09:52

Target

8dc38dcd26c62e93c81e7f4408b83ec4d2adfe9a06cfebef0de945b338ec3c8b.dll
Size

5.6MB
MD5

67d697352c24fa1c30bd79bec7760f19
SHA1

6b59502ca2061177bbe65ed3d4957aeaf26ef309
SHA256

8dc38dcd26c62e93c81e7f4408b83ec4d2adfe9a06cfebef0de945b338ec3c8b
SHA512

7f91d4e09b069f48043b77de652d78c41e8e40e19ce135b783d63d101f1d14d02a15c1758bc68dc127b1e346f565f022a6e477d82031289d5a59d88fc7cfd1ef
SSDEEP

98304:sFUD9DTPp/Bf8rwHZw8C/ldAtIqDEmvLR6SJovBiJxiEBR:6UJ5BfbZ9CjAtdDLjVWvAJ7

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/4676-132-0x00007FFFDF060000-0x00007FFFDF9E5000-memory.dmp	vmprotect
behavioral2/memory/4676-135-0x00007FFFDF060000-0x00007FFFDF9E5000-memory.dmp	vmprotect

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4604	4676	WerFault.exe	74

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4676	rundll32.exe
4676	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dc38dcd26c62e93c81e7f4408b83ec4d2adfe9a06cfebef0de945b338ec3c8b.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4676
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4676 -s 364
  2⤵
  - Program crash
  PID:4604

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 4676 -ip 4676
1⤵
PID:4360

memory/4676-132-0x00007FFFDF060000-0x00007FFFDF9E5000-memory.dmp

Filesize
9.5MB

Download
memory/4676-135-0x00007FFFDF060000-0x00007FFFDF9E5000-memory.dmp

Filesize
9.5MB

Download