2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f

Analysis

max time kernel
196s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 20:17

Target

2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll
Size

318KB
MD5

537402ee556a3cd05552ec9a64a2ef07
SHA1

12768e31c3268fc76c701bf128be96c946fef45a
SHA256

2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f
SHA512

a4bd2246726e4f425d1cd7e01e8e6a75bb41776b08c41c0c40314f36acd2d320dcbea4bd57cc4cf30d8931ddc9c996e76e884962ea0375b314fc491e56fa3a5d
SSDEEP

6144:i6BDSXv3WyRljOpYwo+XqidUtmko1vMAvcvyEmut6R4gocnwgv/p+ZJN:i6BKWyRljgYUXqKomko1EzvM7nwGp+Zn

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/1396-133-0x0000000075860000-0x0000000075909000-memory.dmp	vmprotect
behavioral2/memory/1396-134-0x0000000075860000-0x0000000075909000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2556 wrote to memory of 1396	2556	rundll32.exe	rundll32.exe
PID 2556 wrote to memory of 1396	2556	rundll32.exe	rundll32.exe
PID 2556 wrote to memory of 1396	2556	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2053b2ac272847bbc71a35f348e4e9c54f81ed4729faf688fcf1053d0316e26f.dll,#1
2⤵
PID:1396

memory/1396-132-0x0000000000000000-mapping.dmp

Download
memory/1396-133-0x0000000075860000-0x0000000075909000-memory.dmp

Filesize
676KB

Download
memory/1396-134-0x0000000075860000-0x0000000075909000-memory.dmp

Filesize
676KB

Download