Overview

overview

8

Static

static

8

Wall Hack.dll

windows7-x64

8

Wall Hack.dll

windows10-2004-x64

8

x1nject.exe

windows7-x64

8

x1nject.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    178s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-11-2022 10:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Wall Hack.dll

  • Size

    197KB

  • MD5

    bee0a0d87f00d2b4e8125aafa5c35b05

  • SHA1

    37527f723c138d4500e30e4a5c34ddecf50c5c34

  • SHA256

    0a5e783e5bb7b812351eb372e324f2f33b5a6f943da0fee718af816e37ce8150

  • SHA512

    b93b40476b79783e95aac3eb2d18b0e8ca6087547235b76056030d5affb707739f3a712ace26ca6a63e96a8ee4383ad2ee70b4ec3fb04d1c8b4298efbac8a69a

  • SSDEEP

    3072:0gSzAsSZES2L8EH89KZGaUalyAJqO9rIm1EVPk6VXF2N1FFQirgPOlS5ss:0g7TES2XcAZQk6O9rIm1d6VFWs/5s

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Wall Hack.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1700
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Wall Hack.dll",#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:2628
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 892
        3⤵
        • Program crash
        PID:1000
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2628 -ip 2628
    1⤵
      PID:316

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2628-132-0x0000000000000000-mapping.dmp
      Download
    • memory/2628-133-0x00000000752C0000-0x0000000075347000-memory.dmp
      Filesize

      540KB

      Download
    • memory/2628-136-0x00000000752C0000-0x0000000075347000-memory.dmp
      Filesize

      540KB

      Download
    • memory/2628-137-0x0000000075080000-0x000000007520F000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2628-138-0x0000000075080000-0x000000007520F000-memory.dmp
      Filesize

      1.6MB

      Download
    • memory/2628-139-0x00000000752C0000-0x0000000075347000-memory.dmp
      Filesize

      540KB

      Download