Overview

overview

8

Static

static

8

c06951ac98...fc.dll

windows7-x64

8

c06951ac98...fc.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    190s
  • max time network
    224s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-11-2022 19:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c06951ac98e587108543cbf20046700efe80d257a5b34205622ad8bd2049adfc.dll

  • Size

    3.7MB

  • MD5

    4668d4fcd04969101d04962e32a704fe

  • SHA1

    a5521b12c834b5c1f3bf9dd84799cb95d6c17a51

  • SHA256

    c06951ac98e587108543cbf20046700efe80d257a5b34205622ad8bd2049adfc

  • SHA512

    221ae63eac60bce41e179d1407b58a43c437803e5764a08379bd2f8b63df5ec367c3d91e1ea6f57fd0d9d85a7b64206dc229ac7efb58c4a3aa550aaee3d944ef

  • SSDEEP

    49152:Ta1PGtlqJIU6irgk0FtF8Eing5BIxCoj0QUTIwEnVPPqpGx9Tlz:+W+8HIxCoj0QUTIwkcpGx

Score
8/10
vmprotect

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Program crash 1 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\c06951ac98e587108543cbf20046700efe80d257a5b34205622ad8bd2049adfc.dll,#1
    1⤵
    • Blocklisted process makes network request
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Windows directory
    PID:1752
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1752 -s 964
      2⤵
      • Program crash
      PID:828
  • C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -pss -s 408 -p 1752 -ip 1752
    1⤵
      PID:1800

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1752-132-0x0000000180000000-0x00000001803B7000-memory.dmp
      Filesize

      3.7MB

      Download
    • memory/1752-133-0x0000000180000000-0x00000001803B7000-memory.dmp
      Filesize

      3.7MB

      Download
    • memory/1752-134-0x0000000180000000-0x00000001803B7000-memory.dmp
      Filesize

      3.7MB

      Download