c575776b81298467efd9a9f160cf8e7488b02be5a4f1431a8d72beb8dcc8eb51

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 20:38

Target

c575776b81298467efd9a9f160cf8e7488b02be5a4f1431a8d72beb8dcc8eb51.dll
Size

2.1MB
MD5

73882d3f4448ff1605f06d20b1b14024
SHA1

4d3183b5d91cd22a66476e6ec4c0472c367b8254
SHA256

c575776b81298467efd9a9f160cf8e7488b02be5a4f1431a8d72beb8dcc8eb51
SHA512

9665adedb71a9e867ffa9c6709e1a25169152d63aa5c624fbced7bb16930812ccef8dfde5eb02e9a65f2daad281c2f040ecb8577facf8434c463b16d38e461f6
SSDEEP

24576:zvYW1jtpvrHPdDcVAu28I2IbYJzJQ0mSaiIxbTSaIZ9Cg7p9kBZv1qw1UykPJBo:cDV7uSai9pRkBZvg8UyGo

Score

8^/10

vmprotect

VMProtect packed file 3 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/2404-133-0x0000000010000000-0x0000000010251000-memory.dmp	vmprotect
behavioral2/memory/2404-134-0x0000000010000000-0x0000000010251000-memory.dmp	vmprotect
behavioral2/memory/2404-135-0x0000000010000000-0x0000000010251000-memory.dmp	vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

rundll32.exe

pid process

2404 rundll32.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

rundll32.exe

pid process

2404 rundll32.exe

pid	process
2404	rundll32.exe

pid	process
2404	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2232 wrote to memory of 2404	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 2404	2232	rundll32.exe	rundll32.exe
PID 2232 wrote to memory of 2404	2232	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c575776b81298467efd9a9f160cf8e7488b02be5a4f1431a8d72beb8dcc8eb51.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232

memory/2404-132-0x0000000000000000-mapping.dmp

Download
memory/2404-133-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download
memory/2404-134-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download
memory/2404-135-0x0000000010000000-0x0000000010251000-memory.dmp

Filesize
2.3MB

Download