Overview

overview

8

Static

static

8

Americanas...02.dll

windows7-x64

8

Americanas...02.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    43s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    27-11-2022 14:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Americanas -NFE -755097096-201401002.dll

  • Size

    502KB

  • MD5

    57830c9deefcc33789111be9129e212d

  • SHA1

    7b45943176188c03cdb212ed2f3406bdda5898d9

  • SHA256

    c512fa230749c35e2b49cfe3e99bca6e38d60307d42ab07aeb35ea4a8354118b

  • SHA512

    241221adaaac8964ee2ef1f205905a06fbf3a02ab2c9777db19d4c37ce9ebb2ca97c9b42f8b56843078b9bdb9c47d6c2f633974500d5a89b96ec1f5ddd9aa939

  • SSDEEP

    6144:32Q7LAfgJCZS3fPiMw2lNKqLDnNR2Kx6IQyDCVVCHtJAIxlHauPI6K4A8UeZQykz:3NfAeC0Pg2npnmBAGVIHsel6uPrUi/

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Americanas -NFE -755097096-201401002.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1196
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Americanas -NFE -755097096-201401002.dll",#1
      2⤵
        PID:944

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/944-55-0x0000000074E41000-0x0000000074E43000-memory.dmp

      Filesize

      8KB

      Download

    • memory/944-56-0x0000000001CA0000-0x0000000001DCC000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/944-58-0x0000000001CA0000-0x0000000001DCC000-memory.dmp

      Filesize

      1.2MB

      Download