6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431

Analysis

max time kernel
239s
max time network
335s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 22:32

Target

6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll
Size

454KB
MD5

5ad3c9a110805a3bca36a19d490588d0
SHA1

ad14f8d70103364b552e5a27cc1b9273009540ea
SHA256

6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431
SHA512

dcd514033c9159ce52ff5b9c6014ea94801177650fb1054f724ba9ad72eb053ff55a986bf9f74df03065938613559eee721aad8c3a082a9fabef0cd90735e48d
SSDEEP

12288:oxmebWhic2+e7OqFzrzwRP/BWQ+6iVeKAd8L:ooe2ic2+KO5JBbiVeKAy

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/1864-56-0x0000000001E40000-0x0000000001F41000-memory.dmp	vmprotect
behavioral1/memory/1864-57-0x0000000001E40000-0x0000000001F41000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1188 wrote to memory of 1864	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1864	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1864	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1864	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1864	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1864	1188	rundll32.exe	rundll32.exe
PID 1188 wrote to memory of 1864	1188	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1188

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ef735a9fd1c1c9853c833f56e939b67d1124b96aeed2247031b107c2e0be431.dll,#1
2⤵
PID:1864

memory/1864-54-0x0000000000000000-mapping.dmp

Download
memory/1864-55-0x00000000767C1000-0x00000000767C3000-memory.dmp

Filesize
8KB

Download
memory/1864-56-0x0000000001E40000-0x0000000001F41000-memory.dmp

Filesize
1.0MB

Download
memory/1864-57-0x0000000001E40000-0x0000000001F41000-memory.dmp

Filesize
1.0MB

Download