Analysis

  • max time kernel
    92s
  • max time network
    105s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/11/2022, 13:40

General

  • Target

    55613889c1eb781ba371a2cd3b581304339e9d09c0d17e2703c4c0565d5a346d.dll

  • Size

    248KB

  • MD5

    0131f24ae617c5f181cac49d8a8851f0

  • SHA1

    dd0c6aca787172ea3eb0fdceeb0ae591b61d5fb8

  • SHA256

    55613889c1eb781ba371a2cd3b581304339e9d09c0d17e2703c4c0565d5a346d

  • SHA512

    88729373d1029e707c36397780aff57b50be3d9ee81d866ad734cf00b3a1d3c7e0d4190ad56f38808883678ef3e0f50bbd18c56649bb46317e75e7529a1db3b7

  • SSDEEP

    6144:tZvOWi66rpEBUPEEhM0BRS6EbMcjmvS6d3SBNQ/zzyMsax:tZvrizSlEhMCapyDMU/fsax

Score
8/10

Malware Config

Signatures

  • VMProtect packed file (2 IoCs)

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe (PID 3260)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\55613889c1eb781ba371a2cd3b581304339e9d09c0d17e2703c4c0565d5a346d.dll,#1
    Signatures: Suspicious use of WriteProcessMemory
    • Child: C:\Windows\SysWOW64\rundll32.exe (PID 1164)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\55613889c1eb781ba371a2cd3b581304339e9d09c0d17e2703c4c0565d5a346d.dll,#1

Network

MITRE ATT&CK Matrix


Downloads

  • memory/1164-133-0x0000000000400000-0x0000000000484000-memory.dmp
    Filesize: 528KB

  • memory/1164-134-0x0000000000400000-0x0000000000484000-memory.dmp
    Filesize: 528KB