cbff1e20f34a95846ab70e542a11a5088f889a9d5f3fceddd930a607eddc494b

Analysis

max time kernel
45s
max time network
49s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 20:17

Target

cbff1e20f34a95846ab70e542a11a5088f889a9d5f3fceddd930a607eddc494b.dll
Size

328KB
MD5

b8d0ff6827b1479d85596466317e1cc4
SHA1

00618c208135b90312fd54869ceae39481791c11
SHA256

cbff1e20f34a95846ab70e542a11a5088f889a9d5f3fceddd930a607eddc494b
SHA512

4af4e5bb1413ad9e1c3ce91bfd936838c44f57f734de00135a2b0fd6515e2621a9bb49147f8c4272363ecd9bc749e44193dffe06e964d06334b6c622a6e7e134
SSDEEP

6144:/wfpX5SkMdYQ9vX9IGR8J+TMuyPlIzle1ZsaKZto0wu4R4:omkMdJXIGR8kaPKlMZsAx1R

Score

8^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/1744-59-0x00000000001A0000-0x000000000024F000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1104 wrote to memory of 1744	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1744	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1744	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1744	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1744	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1744	1104	rundll32.exe	rundll32.exe
PID 1104 wrote to memory of 1744	1104	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbff1e20f34a95846ab70e542a11a5088f889a9d5f3fceddd930a607eddc494b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1104

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbff1e20f34a95846ab70e542a11a5088f889a9d5f3fceddd930a607eddc494b.dll,#1
2⤵
PID:1744

memory/1744-54-0x0000000000000000-mapping.dmp

Download
memory/1744-55-0x0000000075BB1000-0x0000000075BB3000-memory.dmp

Filesize
8KB

Download
memory/1744-57-0x0000000000190000-0x000000000023F000-memory.dmp

Filesize
700KB

Download
memory/1744-58-0x0000000000190000-0x000000000023F000-memory.dmp

Filesize
700KB

Download
memory/1744-59-0x00000000001A0000-0x000000000024F000-memory.dmp

Filesize
700KB

Download