5b8e67da5e38eae5796f63cb12bc88f39c077e2de6c760aeca3963dea3de51a8

Analysis

max time kernel
42s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/11/2022, 03:42

Target

5b8e67da5e38eae5796f63cb12bc88f39c077e2de6c760aeca3963dea3de51a8.dll
Size

247KB
MD5

0423e02bb0a4b0e5f707d2692bb10850
SHA1

fbec07b826c941fed5c7b41c43250834502d3cd1
SHA256

5b8e67da5e38eae5796f63cb12bc88f39c077e2de6c760aeca3963dea3de51a8
SHA512

a65659f23a63b960a03be2a559255f7df224b03ae239be7ae795d47f2e6c4faae0af5903436e892acdff1bb76904692d5a5464e04fd64c3973ff225a48cb3935
SSDEEP

6144:/sIxMBM5cIpqXIGBWPHprSYpwItMNTUDN/T+wd:z1qCLHp+YpwIttDN/T+wd

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/1208-56-0x0000000000400000-0x0000000000483000-memory.dmp	vmprotect
behavioral1/memory/1208-57-0x0000000000400000-0x0000000000483000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28
PID 1752 wrote to memory of 1208	1752	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b8e67da5e38eae5796f63cb12bc88f39c077e2de6c760aeca3963dea3de51a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b8e67da5e38eae5796f63cb12bc88f39c077e2de6c760aeca3963dea3de51a8.dll,#1
  2⤵
  PID:1208

memory/1208-55-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download
memory/1208-56-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1208-57-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download