3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02

Analysis

max time kernel
91s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 09:50

Target

3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll
Size

691KB
MD5

5528c3bed7d7331379f56f2b1e7a05f0
SHA1

54afa283f2298853595b71e6cc235acec6151603
SHA256

3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02
SHA512

7e249fcbb53bd5b5f2f901df6baac37d7bf1557a324ec2ed078c995991ae391fb2d65feec28b1369c18a5a75bfcd88d9aedfaebf9812c92221a0efa5348510a2
SSDEEP

12288:vn2z1fdJPN/A7OC3ffPCLckVfjx87Kd/ILeWKRHJPoOyQ3I32vISVw4zXK7c7lbm:uz17WyCPacKfjxwKdwLINiVQ4mQSa4aF

Score

8^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral2/memory/5068-133-0x0000000010000000-0x00000000100F1000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4032 wrote to memory of 5068	4032	rundll32.exe	rundll32.exe
PID 4032 wrote to memory of 5068	4032	rundll32.exe	rundll32.exe
PID 4032 wrote to memory of 5068	4032	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4032

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3507b15ffbd43b876dd02e499d551b4106a81682e993a5602426e6b8cfb25a02.dll,#1
2⤵
PID:5068

memory/5068-132-0x0000000000000000-mapping.dmp

Download
memory/5068-133-0x0000000010000000-0x00000000100F1000-memory.dmp

Filesize
964KB

Download