Analysis
-
max time kernel
115s -
max time network
138s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
23-11-2022 11:46
General
-
Target
e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll
-
Size
48KB
-
MD5
9463be1c944b5ca3fa2ebc3a772d1981
-
SHA1
07f1e2bbb3c782e0428ff4f432a097a29c9f856e
-
SHA256
e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da
-
SHA512
f9740f972bfbc50d2c336940d0b96662f74a07c95211a3ce20206a85b77f242a58b1363dcf5868c6e7e059024dae62c680de72f59bbdd288f850ed56260709b4
-
SSDEEP
768:TplJFsLFGVz7WBruWvaEbNQUZWf05ByD7MTh77knLYZTaSw7AT0rC5Dy:VlCworHJNhFB+IX0LIa77AwrC5Dy
Score
8/10
Malware Config
Signatures
-
VMProtect packed file 2 IoCs
Detects executables packed with VMProtect commercial packer.
-
Program crash 1 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\e18cc6d5fa5ae439e38f9aa5a8e414e434fa9a0199ecc781df3662a3764268da.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 6043⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4624 -ip 46241⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/4624-132-0x0000000000000000-mapping.dmp
-
memory/4624-133-0x0000000010000000-0x0000000010016000-memory.dmpFilesize
88KB
-
memory/4624-134-0x0000000010000000-0x0000000010016000-memory.dmpFilesize
88KB