8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 05:42

Target

8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll
Size

140KB
MD5

4c3c98a2bc24f6916b99bb98d95236a0
SHA1

a80f93ca10f5d840075d9f0a8637eabc765a1a31
SHA256

8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4
SHA512

94479d501cbe2081871489061446502317c590119cd4a62a185055cfe88940ccf18cc38bf8bb9cc545e26bdc56fb52652e9173562fea31711e9013d24f651b21
SSDEEP

3072:k1AlvtMoYAGfT1Gn0MIiCL5FxKJ1XIBrc+EH1ECoL9txX+fTP:woaxT1Q0MIuJ14hc9H1N8txm

Score

8^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/4636-133-0x0000000010000000-0x0000000010058000-memory.dmp	vmprotect
behavioral2/memory/4636-136-0x0000000010000000-0x0000000010058000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5044 wrote to memory of 4636	5044	rundll32.exe	rundll32.exe
PID 5044 wrote to memory of 4636	5044	rundll32.exe	rundll32.exe
PID 5044 wrote to memory of 4636	5044	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8cec62d101ff2c327d3ea82508141794606207e62b6b493489c88027931baeb4.dll,#1
2⤵
PID:4636

memory/4636-132-0x0000000000000000-mapping.dmp

Download
memory/4636-133-0x0000000010000000-0x0000000010058000-memory.dmp

Filesize
352KB

Download
memory/4636-136-0x0000000010000000-0x0000000010058000-memory.dmp

Filesize
352KB

Download