Analysis Overview
SHA256
b17f6d86a9b9d63e841046b6b999e1197e81b2cf5cc6bcf376be9698e5d0f84b
Threat Level: Known bad
The file b17f6d86a9b9d63e841046b6b999e1197e81b2cf5cc6bcf376be9698e5d0f84b was found to be: Known bad.
Malicious Activity Summary
SystemBC
Blocklisted process makes network request
VMProtect packed file
Unsigned PE
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2023-08-08 20:07
Signatures
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2023-08-08 20:07
Reported
2023-08-08 20:09
Platform
win10-20230703-en
Max time kernel
128s
Max time network
137s
Command Line
Signatures
SystemBC
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
VMProtect packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\system32\rundll32.exe | N/A |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b17f6d86a9b9d63e841046b6b999e1197e81b2cf5cc6bcf376be9698e5d0f84b.dll,#1
Network
| Country | Destination | Domain | Proto |
| RU | 5.42.65.67:4298 | | tcp |
| US | 8.8.8.8:53 | 43.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 38.148.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.112.168.52.in-addr.arpa | udp |
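The process tree and network table above contain three behaviours worth turning into hunt logic: rundll32 loading a DLL from the user's local Temp directory and calling its export by ordinal (`,#1`), the TCP connection to 5.42.65.67:4298, and the burst of reverse (in-addr.arpa) lookups for public addresses via 8.8.8.8. The Python below is an added example and is not part of the sandbox report; the Sysmon-style event shape (EventID 1 = process create, 3 = network connect, 22 = DNS query, and the field names) is an assumption, and the event records are constructed to mirror the detonation rather than taken from real logs.

```python
"""Hunt checks for the rundll32/SystemBC pattern seen in this report.

Added example, not from the sandbox report. Events are dicts in a Sysmon-like
shape (EventID 1 = process create, 3 = network connect, 22 = DNS query); the
field names are assumptions, adapt them to your telemetry.
"""
import re
import ipaddress
from collections import defaultdict

# Indicators copied from the report above.
C2_ENDPOINTS = {("5.42.65.67", 4298)}
SAMPLE_SHA256 = "b17f6d86a9b9d63e841046b6b999e1197e81b2cf5cc6bcf376be9698e5d0f84b"

# rundll32 loading a DLL from the user's local Temp directory and calling an
# export by ordinal (",#N") instead of by name.
RUNDLL32_ORDINAL = re.compile(
    r"rundll32(?:\.exe)?\s+(?P<dll>\S+?\\AppData\\Local\\Temp\\[^,\s]+\.dll),#(?P<ordinal>\d+)",
    re.IGNORECASE,
)


def rundll32_temp_ordinal(event):
    """EventID 1 check: rundll32 + DLL under local Temp + ordinal export."""
    if event.get("EventID") != 1:
        return None
    m = RUNDLL32_ORDINAL.search(event.get("CommandLine", ""))
    if not m:
        return None
    return {"rule": "rundll32_temp_dll_ordinal", "pid": event["ProcessId"],
            "dll": m.group("dll"), "ordinal": int(m.group("ordinal"))}


def c2_connection(event):
    """EventID 3 check: connection to an endpoint from the report's network table."""
    if event.get("EventID") != 3:
        return None
    key = (event.get("DestinationIp"), event.get("DestinationPort"))
    if key in C2_ENDPOINTS:
        return {"rule": "systembc_c2_endpoint", "pid": event["ProcessId"], "dst": "%s:%d" % key}
    return None


def reverse_lookup_burst(events, min_unique=3):
    """Return PIDs doing reverse lookups for at least min_unique distinct public IPs.

    The sample's rundll32 did this for three addresses in the run; a single
    reverse lookup is normal, a burst from one process is not.
    """
    seen = defaultdict(set)
    for ev in events:
        if ev.get("EventID") != 22:
            continue
        q = ev.get("QueryName", "")
        if not q.endswith(".in-addr.arpa"):
            continue
        octets = q[: -len(".in-addr.arpa")].split(".")
        if len(octets) != 4:
            continue
        try:
            ip = ipaddress.ip_address(".".join(reversed(octets)))
        except ValueError:
            continue
        if ip.is_global:
            seen[ev["ProcessId"]].add(str(ip))
    return {pid: sorted(ips) for pid, ips in seen.items() if len(ips) >= min_unique}


def hunt(events):
    """Run all checks and return the hits in event order, burst hits last."""
    hits = []
    for ev in events:
        for check in (rundll32_temp_ordinal, c2_connection):
            hit = check(ev)
            if hit:
                hits.append(hit)
    for pid, ips in reverse_lookup_burst(events).items():
        hits.append({"rule": "reverse_lookup_burst", "pid": pid, "ips": ips})
    return hits


# Constructed telemetry mirroring the detonation above (not real logs).
SAMPLE_EVENTS = [
    {"EventID": 1, "ProcessId": 4796, "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\%s.dll,#1" % SAMPLE_SHA256},
    {"EventID": 3, "ProcessId": 4796, "Protocol": "tcp",
     "DestinationIp": "5.42.65.67", "DestinationPort": 4298},
    {"EventID": 22, "ProcessId": 4796, "QueryName": "43.229.111.52.in-addr.arpa"},
    {"EventID": 22, "ProcessId": 4796, "QueryName": "38.148.119.40.in-addr.arpa"},
    {"EventID": 22, "ProcessId": 4796, "QueryName": "67.112.168.52.in-addr.arpa"},
    # Benign noise: rundll32 with a named export from System32, and a forward lookup.
    {"EventID": 1, "ProcessId": 1234, "Image": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"EventID": 22, "ProcessId": 1234, "QueryName": "www.example.com"},
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print(hit)
```

The ordinal rule is the one with the broadest value: it does not depend on this sample's hash or C2 address, and legitimate rundll32 use from System32 with a named export (the noise event) does not trip it. The C2 endpoint check is only as good as the indicator and should be fed from a blocklist rather than a hard-coded set in production.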
Files
memory/4796-117-0x00007FFF9C5D0000-0x00007FFF9C5D2000-memory.dmp
memory/4796-119-0x00007FFF9C5E0000-0x00007FFF9C5E2000-memory.dmp
memory/4796-120-0x00007FFF9A8D0000-0x00007FFF9A8D2000-memory.dmp
memory/4796-118-0x00007FFF8FC50000-0x00007FFF90723000-memory.dmp
memory/4796-122-0x00007FFF98C90000-0x00007FFF98C92000-memory.dmp
memory/4796-121-0x00007FFF9A8E0000-0x00007FFF9A8E2000-memory.dmp
memory/4796-123-0x00007FFF98CA0000-0x00007FFF98CA2000-memory.dmp
memory/4796-124-0x00007FFF9C5F0000-0x00007FFF9C5F2000-memory.dmp
memory/4796-125-0x00007FFF8FC50000-0x00007FFF90723000-memory.dmp
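The sample is VMProtect-packed, so the memory dumps listed above matter more than the DLL on disk: the region worth opening first is the one large enough to hold the unpacked image, and the sandbox dumped that region twice (sequence 118 and again at 125), so the later copy is the better starting point. The Python below is an added example and not part of the sandbox report; it reads the dump names exactly as listed, computes each region's size, and picks out image-sized regions and the dump sequence to prefer. The filename layout `memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp` is inferred from the listing itself.

```python
"""Triage of the memory-dump listing under Files.

Added example, not from the sandbox report. The dump-name layout
memory/<pid>-<seq>-0x<start>-0x<end>-memory.dmp is inferred from the listing.
"""
import re
from collections import defaultdict

DUMP_NAME = re.compile(
    r"memory/(?P<pid>\d+)-(?P<seq>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Copied verbatim from the Files section of this report.
DUMP_NAMES = [
    "memory/4796-117-0x00007FFF9C5D0000-0x00007FFF9C5D2000-memory.dmp",
    "memory/4796-119-0x00007FFF9C5E0000-0x00007FFF9C5E2000-memory.dmp",
    "memory/4796-120-0x00007FFF9A8D0000-0x00007FFF9A8D2000-memory.dmp",
    "memory/4796-118-0x00007FFF8FC50000-0x00007FFF90723000-memory.dmp",
    "memory/4796-122-0x00007FFF98C90000-0x00007FFF98C92000-memory.dmp",
    "memory/4796-121-0x00007FFF9A8E0000-0x00007FFF9A8E2000-memory.dmp",
    "memory/4796-123-0x00007FFF98CA0000-0x00007FFF98CA2000-memory.dmp",
    "memory/4796-124-0x00007FFF9C5F0000-0x00007FFF9C5F2000-memory.dmp",
    "memory/4796-125-0x00007FFF8FC50000-0x00007FFF90723000-memory.dmp",
]


def parse_dump_name(name):
    """Split a dump name into pid, sequence number, address range and size."""
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError("unexpected dump name: %r" % name)
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError("empty or inverted region in %r" % name)
    return {"name": name, "pid": int(m["pid"]), "seq": int(m["seq"]),
            "start": start, "end": end, "size": end - start}


def page_aligned(names, page=0x1000):
    """Sanity check: dumped regions should begin and end on page boundaries."""
    return all(d["start"] % page == 0 and d["end"] % page == 0
               for d in map(parse_dump_name, names))


def triage(names, min_image_size=1 << 20):
    """Group dumps by (pid, range) and return image-sized regions, largest first.

    For a region dumped more than once, 'prefer' names the dump with the highest
    sequence number: the packer has had the longest to run before that copy was
    taken, so it is the most likely to contain decoded code. Two-page (0x2000)
    regions are reported separately as 'small'; they are rarely the image.
    """
    by_range = defaultdict(list)
    for d in map(parse_dump_name, names):
        by_range[(d["pid"], d["start"], d["end"])].append(d)

    candidates, small = [], []
    for (pid, start, end), dumps in by_range.items():
        seqs = sorted(d["seq"] for d in dumps)
        latest = max(dumps, key=lambda d: d["seq"])
        entry = {"pid": pid, "start": start, "end": end, "size": end - start,
                 "seqs": seqs, "prefer": latest["name"]}
        (candidates if entry["size"] >= min_image_size else small).append(entry)
    candidates.sort(key=lambda c: -c["size"])
    return {"candidates": candidates, "small": small}


if __name__ == "__main__":
    result = triage(DUMP_NAMES)
    for c in result["candidates"]:
        print("0x%X-0x%X %d bytes, dumped at seq %s, open %s"
              % (c["start"], c["end"], c["size"], c["seqs"], c["prefer"]))
    print("%d small regions" % len(result["small"]))
```

On this listing the only image-sized region is 0x7FFF8FC50000-0x7FFF90723000 (0xAD3000 bytes, about 11 MB), present at sequence 118 and 125; the remaining seven dumps are 0x2000-byte regions. Confirm what the large dump is by checking for an MZ/PE header at its start and comparing the section layout against the on-disk DLL before spending time in a disassembler.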