968cbfd855c89579eb6cca6f567c4c96a1e660a777eb0d1d1713ad0d6e132b88

Analysis

max time kernel
146s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 23:10

Target

968cbfd855c89579eb6cca6f567c4c96a1e660a777eb0d1d1713ad0d6e132b88.dll
Size

247KB
MD5

07f359adb701071f24a036b5fecbff00
SHA1

56908ec6abba953bad12fa95a8ce30e703ab02b4
SHA256

968cbfd855c89579eb6cca6f567c4c96a1e660a777eb0d1d1713ad0d6e132b88
SHA512

d146d70a88c1d8ed79f091c4c935ab30cb0957253122971130ea228faa65d364008bdcb652f6213d3f030bc6fcfb54db34956832529b043e8e66882ee923b5f8
SSDEEP

6144:hrhi+65S6mSzTf6tPArp+lbJ1YE0FutxwithTbBvp3h:hY7n8ArpMYJFKxzhhR3h

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/1128-133-0x0000000000940000-0x00000000009C3000-memory.dmp	vmprotect
behavioral2/memory/1128-134-0x0000000000940000-0x00000000009C3000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 1128	5076	rundll32.exe	82
PID 5076 wrote to memory of 1128	5076	rundll32.exe	82
PID 5076 wrote to memory of 1128	5076	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\968cbfd855c89579eb6cca6f567c4c96a1e660a777eb0d1d1713ad0d6e132b88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\968cbfd855c89579eb6cca6f567c4c96a1e660a777eb0d1d1713ad0d6e132b88.dll,#1
  2⤵
  PID:1128

memory/1128-133-0x0000000000940000-0x00000000009C3000-memory.dmp

Filesize
524KB

Download
memory/1128-134-0x0000000000940000-0x00000000009C3000-memory.dmp

Filesize
524KB

Download