Analysis

  • max time kernel
    52s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags
    arch:x64
    arch:x86
    image:win10v2004-20220812-en
    locale:en-us
    os:windows10-2004-x64
    system
  • submitted
    29/11/2022, 11:42

General

  • Target

    a3a481ad2022dc26ce6697b1c18b5d508c6ffba7f404cdadec2f98f0df30f904.dll

  • Size

    240KB

  • MD5

    e9ea7ae3162ce56efadf1704845ba907

  • SHA1

    8362c15f8b6de1ebc3a6fdc0d1e2476178e8a292

  • SHA256

    a3a481ad2022dc26ce6697b1c18b5d508c6ffba7f404cdadec2f98f0df30f904

  • SHA512

    4c40449920592e4acfdd4e6ebb1c64632a8214c53a7e5653697dde702fe1955dfcd2ebb074df4572adff5cf23ba6cb500c6d4e3093ba759a02f3337868ccb743

  • SSDEEP

    6144:2bk3J8F8Ooga8Jv2cs+plUXoz0StnJ0nHy1nJnoaC7MSS1:2I3+GdGpXs+ppPqnHaJo7f

Score
8/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3a481ad2022dc26ce6697b1c18b5d508c6ffba7f404cdadec2f98f0df30f904.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:4572
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3a481ad2022dc26ce6697b1c18b5d508c6ffba7f404cdadec2f98f0df30f904.dll,#1
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:1532
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 1532 -ip 1532
    PID:3184

Network

MITRE ATT&CK Matrix

Downloads

  • memory/1532-133-0x0000000074C10000-0x0000000074C8D000-memory.dmp
    Filesize
    500KB
  • memory/1532-136-0x0000000074C10000-0x0000000074C8D000-memory.dmp
    Filesize
    500KB