6413b835503a6c77f347a262f0ce18de15ea59608658aa8c2e51a3433ffe1624

Resubmissions

15/01/2023, 00:36

230115-aybg9abe6s 8

15/01/2023, 00:11

230115-agp93sfe58 8

15/01/2023, 00:06

230115-ad4y3abc3t 8

Analysis

max time kernel
51s
max time network
73s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
15/01/2023, 00:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

interium/crack/v4.dll
Size

14.7MB
MD5

4b25ddde53db2c330ba626907a215567
SHA1

d9b91e07b7c865d665c1304bcb6c5f6c23e21458
SHA256

71030519768ec7c316add9d354df5d05c307218c459acf6b57f1d8cf3007f7aa
SHA512

f193bd0d6ecb0f27e3c37acfb64ab6a0658ad88d42b15655be6f42bf83b6aa202088acb9d4e590fb76263d88926f9b063bb25c1593b2bfcaa3018220a433aef7
SSDEEP

393216:jl7MsZ1LWvPSdVZ/QWjHc+p1y/cUpt+zBK9ub:jl7HEPS6WjppAEot+zBfb

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/1692-178-0x0000000072480000-0x00000000742CC000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1692	rundll32.exe
1692	rundll32.exe
1692	rundll32.exe
1692	rundll32.exe
1692	rundll32.exe
1692	rundll32.exe
1692	rundll32.exe
1692	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 1692	3764	rundll32.exe	66
PID 3764 wrote to memory of 1692	3764	rundll32.exe	66
PID 3764 wrote to memory of 1692	3764	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\interium\crack\v4.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1692-121-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-122-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-123-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-124-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-125-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-126-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-127-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-128-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-129-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-131-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-130-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-132-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-133-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-134-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-135-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-137-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-136-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-138-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-139-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-140-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-141-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-142-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-143-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-144-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-145-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-146-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-147-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-148-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-149-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-150-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-151-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-152-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-153-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-154-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-155-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-156-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-157-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-158-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-159-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-160-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-162-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-164-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-165-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-166-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-163-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-161-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-167-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-168-0x0000000004160000-0x00000000049DF000-memory.dmp

Filesize
8.5MB

Download
memory/1692-176-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-175-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-177-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-178-0x0000000072480000-0x00000000742CC000-memory.dmp

Filesize
30.3MB

Download
memory/1692-179-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-180-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-181-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-182-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-183-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-184-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download
memory/1692-185-0x0000000077BF0000-0x0000000077D7E000-memory.dmp

Filesize
1.6MB

Download