78af3903e1e462e378529d96f3076c98e77dae5851319de4de308947f576c688

Analysis

max time kernel
140s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 20:13

Target

78af3903e1e462e378529d96f3076c98e77dae5851319de4de308947f576c688.dll
Size

632KB
MD5

a3a72dc3bdc78a0e8217b709d86ddac1
SHA1

a2f834d27ed87324bdad51ad9633933af710ec86
SHA256

78af3903e1e462e378529d96f3076c98e77dae5851319de4de308947f576c688
SHA512

226a68489adb58af50c44cbaf2afeb7968d1e7289f767f06b8a686308d6393a54d8e1435a1df9231e8ca715316feec0fe7c4b7d2410f38acf18d07954fd3ccba
SSDEEP

12288:aC19qxlmeq+ig11gL36acSDBsxm2t54SI+leq36YJQRi9sFZdas/3SR:XO1236t8Bsxm2LxI+tLy/dvy

Score

8^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/1508-133-0x0000000010000000-0x00000000100E8000-memory.dmp	vmprotect

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4804	1508	WerFault.exe	82

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1536 wrote to memory of 1508	1536	rundll32.exe	82
PID 1536 wrote to memory of 1508	1536	rundll32.exe	82
PID 1536 wrote to memory of 1508	1536	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78af3903e1e462e378529d96f3076c98e77dae5851319de4de308947f576c688.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\78af3903e1e462e378529d96f3076c98e77dae5851319de4de308947f576c688.dll,#1
  2⤵
  PID:1508
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 600
    3⤵
    - Program crash
    PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 1508 -ip 1508
1⤵
PID:4812

memory/1508-133-0x0000000010000000-0x00000000100E8000-memory.dmp

Filesize
928KB

Download