89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2022 12:17

Target

89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll
Size

632KB
MD5

f1f6cbe5509afe94213157781bf06fd0
SHA1

8dfbf3b9a6c9786b57c42dfb1d31c901ae2123bc
SHA256

89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384
SHA512

073e65a7d0bbe280e19055173f22ea3217384f6a36c2fd95e23e509b3026a6f4d9a1cd5965a18899ac486228b46ac7c8ff83ff5ac001cf6f29a7e730989c748a
SSDEEP

12288:VVpIKWJQgeY4Y3TPGp3Ig9E5Okfhuy95qXtIjBRyoknThUrtxksZs+RrWU:VVOKWJyY4YDPSEgG7jBBknThUrtjsQJ

Score

8^/10

vmprotect

Blocklisted process makes network request 1 IoCs

Processes:

rundll32.exe

flow pid process

15 2180 rundll32.exe

flow	pid	process
15	2180	rundll32.exe

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/2180-133-0x0000000001FE0000-0x000000000213F000-memory.dmp	vmprotect
behavioral2/memory/2180-135-0x0000000001FE0000-0x000000000213F000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2568 wrote to memory of 2180	2568	rundll32.exe	rundll32.exe
PID 2568 wrote to memory of 2180	2568	rundll32.exe	rundll32.exe
PID 2568 wrote to memory of 2180	2568	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2568

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\89cea110c54c6b7192c3b5c7512b8790ad617ff2fce223003d0e2fd41f276384.dll,#1
2⤵
- Blocklisted process makes network request
PID:2180

memory/2180-132-0x0000000000000000-mapping.dmp

Download
memory/2180-133-0x0000000001FE0000-0x000000000213F000-memory.dmp

Filesize
1.4MB

Download
memory/2180-135-0x0000000001FE0000-0x000000000213F000-memory.dmp

Filesize
1.4MB

Download