Analysis

  • max time kernel
    45s
  • max time network
    48s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    25-11-2022 12:08

General

  • Target

    97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9.dll

  • Size

    107KB

  • MD5

    177a852dc41723876b28dee508a99ee6

  • SHA1

    45e87a13b9894bbfdd1a9d7e34153ce9fe8010a6

  • SHA256

    97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9

  • SHA512

    18ee953acad7c6b4e59c7dcddf9711c2688ee8f665610a03434fad15e2758b249f76c0bfc012b0ddf2e9f8b9c528dd98d353afcf4dcde6c4892254af1b21ce8b

  • SSDEEP

    3072:3zKvSm7W7Ju3hrr/OFAS0M+d3ddgS1LkC/NNg:3zKamM8r/OFASl+d3YC/Hg

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\97baefd417b330aa81c8dfe5087522099bf248287cbac9825b8b90f588881cf9.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:1112

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1112-54-0x0000000000000000-mapping.dmp

  • memory/1112-55-0x0000000075B11000-0x0000000075B13000-memory.dmp

    Filesize

    8KB

  • memory/1112-56-0x0000000074BE0000-0x0000000074C12000-memory.dmp

    Filesize

    200KB

  • memory/1112-57-0x0000000074C20000-0x0000000074C52000-memory.dmp

    Filesize

    200KB

  • memory/1112-58-0x0000000074BE0000-0x0000000074C60000-memory.dmp

    Filesize

    512KB