Overview

overview

8

Static

static

8

1c8b16294b...82.dll

windows7-x64

8

1c8b16294b...82.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    29s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    19-10-2022 12:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1c8b16294b6f5022cf47110a3fa886e9f191ab0f9a18f2942144dee1d8b5e982.dll

  • Size

    916KB

  • MD5

    a1da2d6884de16685053269c19fe248c

  • SHA1

    9f503178a750a5a58e4319c800820ed5e829434d

  • SHA256

    1c8b16294b6f5022cf47110a3fa886e9f191ab0f9a18f2942144dee1d8b5e982

  • SHA512

    7c48829a31d213454396315f32780026849c84a761027770f100b047d68c7015ef61e618004674b3241e5f8e1319ab5c37ff53aa343992213f14dd77c2245aed

  • SSDEEP

    24576:r1v8FIOipHz1DM/VFVtj+2jmHrLMcIye5ugOmlqz:uHiBz14/Vd+PMNfOmW

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c8b16294b6f5022cf47110a3fa886e9f191ab0f9a18f2942144dee1d8b5e982.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1808
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c8b16294b6f5022cf47110a3fa886e9f191ab0f9a18f2942144dee1d8b5e982.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:908

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/908-54-0x0000000000000000-mapping.dmp

    Download

  • memory/908-55-0x00000000751A1000-0x00000000751A3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/908-56-0x0000000010000000-0x0000000010266000-memory.dmp

    Filesize

    2.4MB

    Download