14cb6f1182b05ceae0f22f3e152a13907d74a8557ee963cd0db7d5fc4044f40b

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 12:58

Target

14cb6f1182b05ceae0f22f3e152a13907d74a8557ee963cd0db7d5fc4044f40b.dll
Size

254KB
MD5

2f06fe0b1dd1a680deae66c3657e1e50
SHA1

8fe16081aab955c5dbb5d605e929bb08d7b8c541
SHA256

14cb6f1182b05ceae0f22f3e152a13907d74a8557ee963cd0db7d5fc4044f40b
SHA512

ab54d87774ceeffd1ed1ef754c4d65227821235d755450daeba6cf5a46179118c062ca43b98ef0b7270dd8fca81767efd600e49858c02ced297dbd312edff543
SSDEEP

6144:B+Yf+XFDk8zQOvzCZlYGtlJ4rC31FbJ9ClvmRQFkz+57J/U3C4lpWum5v:Ut/xvzCZl9t4rClRJ9Clvy+57myowump

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/644-133-0x0000000001FF0000-0x0000000002076000-memory.dmp	vmprotect
behavioral2/memory/644-134-0x0000000001FF0000-0x0000000002076000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 644	4464	rundll32.exe	81
PID 4464 wrote to memory of 644	4464	rundll32.exe	81
PID 4464 wrote to memory of 644	4464	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cb6f1182b05ceae0f22f3e152a13907d74a8557ee963cd0db7d5fc4044f40b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cb6f1182b05ceae0f22f3e152a13907d74a8557ee963cd0db7d5fc4044f40b.dll,#1
  2⤵
  PID:644

memory/644-133-0x0000000001FF0000-0x0000000002076000-memory.dmp

Filesize
536KB

Download
memory/644-134-0x0000000001FF0000-0x0000000002076000-memory.dmp

Filesize
536KB

Download