Overview

overview

8

Static

static

8

bc9e58df6e...84.dll

windows7-x64

5

bc9e58df6e...84.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/12/2022, 05:27

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bc9e58df6ea0df6f972a941ec8b3a411b92726e998ea94287adc522c50dd5084.dll

  • Size

    170KB

  • MD5

    2c5d11704dfaa05b914eb7cf2d6b9fb0

  • SHA1

    9afe2e110d62e391e0ec8f0179370e3b0cd25175

  • SHA256

    bc9e58df6ea0df6f972a941ec8b3a411b92726e998ea94287adc522c50dd5084

  • SHA512

    d246207e0598046339302daadbe6648622eb280b58abb863c334e60133a1320c7d596b75b844122f71de072166fd49db571d97e9a62ae6e6cc70f1bd6357f6cc

  • SSDEEP

    3072:+TtvejdXwDj5cciTeLOjRrJyRQFmHftiqibIojqlfI1+EWvqj:Y2XPbGO1JSIwftiqisoelfVa

Score
8/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 1 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc9e58df6ea0df6f972a941ec8b3a411b92726e998ea94287adc522c50dd5084.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1420
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc9e58df6ea0df6f972a941ec8b3a411b92726e998ea94287adc522c50dd5084.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      PID:4984

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4984-133-0x0000000074E90000-0x0000000074EC1000-memory.dmp

          Filesize

          196KB

          Download