fd54769de491cb66ccb1efd7d5de0fdf1d31481c2c6a91f12d81ee80c4eaa4ca

Analysis

max time kernel
45s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
06-11-2022 23:13

Target

fd54769de491cb66ccb1efd7d5de0fdf1d31481c2c6a91f12d81ee80c4eaa4ca.dll
Size

124KB
MD5

08e2440c7c6b73914b43e99f7fea3800
SHA1

ef015e08a5e1c028cb99461b1e31ce400f35c00d
SHA256

fd54769de491cb66ccb1efd7d5de0fdf1d31481c2c6a91f12d81ee80c4eaa4ca
SHA512

5b89424b937e7e301a3623d0cc114604205cd97ebac9fb2cddbc3de1562fbb23edebed75ba50b603812e0ac4f22302a38aad84bb749d46c1404998abc3f2b20c
SSDEEP

3072:hq5ppXQ9gWZsq4GkAldShgCU9T46mpXtTcEC9WYzoJ:hgppXQ9l+q4GFl0hy9T4vpXxNCAYA

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/1968-56-0x0000000010000000-0x000000001003A000-memory.dmp	vmprotect
behavioral1/memory/1968-58-0x0000000010000000-0x000000001003A000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28
PID 2020 wrote to memory of 1968	2020	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd54769de491cb66ccb1efd7d5de0fdf1d31481c2c6a91f12d81ee80c4eaa4ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd54769de491cb66ccb1efd7d5de0fdf1d31481c2c6a91f12d81ee80c4eaa4ca.dll,#1
  2⤵
  PID:1968

memory/1968-55-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download
memory/1968-56-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download
memory/1968-58-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download