29f02ed4cd03502ecca7f79ca9f54c40d00ece31427b98f6d0ad6a4e7c7cc2fe

Analysis

max time kernel
44s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/11/2022, 09:25

Target

29f02ed4cd03502ecca7f79ca9f54c40d00ece31427b98f6d0ad6a4e7c7cc2fe.dll
Size

800KB
MD5

0688292373e4f2a68d0e2b3f17e85870
SHA1

b06fdeb3cfe3a1a4e9f75bae2966e2c9c3ed30ac
SHA256

29f02ed4cd03502ecca7f79ca9f54c40d00ece31427b98f6d0ad6a4e7c7cc2fe
SHA512

2f839633315aa78ec4e4fb591281fe298e85decc46b4e122525a9e44049b2b811193b727fed3cbe6d5b2776acd329770c68d8d0fa673d4192216f83ab08d25b8
SSDEEP

12288:g83TuYSMxfqBJ2+q/EVCF2aJm4gSQkgdTFEXfn529fwqbf1BuXj8lMQHjnZXuf/g:nDuIARr4ghk4cxYfwqbmXIlFHlXP

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/1708-56-0x0000000001F10000-0x000000000209C000-memory.dmp	vmprotect
behavioral1/memory/1708-57-0x0000000001F10000-0x000000000209C000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27
PID 620 wrote to memory of 1708	620	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29f02ed4cd03502ecca7f79ca9f54c40d00ece31427b98f6d0ad6a4e7c7cc2fe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29f02ed4cd03502ecca7f79ca9f54c40d00ece31427b98f6d0ad6a4e7c7cc2fe.dll,#1
  2⤵
  PID:1708

memory/1708-55-0x0000000075711000-0x0000000075713000-memory.dmp

Filesize
8KB

Download
memory/1708-56-0x0000000001F10000-0x000000000209C000-memory.dmp

Filesize
1.5MB

Download
memory/1708-57-0x0000000001F10000-0x000000000209C000-memory.dmp

Filesize
1.5MB

Download