Malware Analysis Report

2024-11-30 23:27

Sample ID 230810-xg2dnsgf24
Target 3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c
SHA256 3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c
Tags
vmprotect systembc trojan
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c

Threat Level: Known bad

The file 3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c was found to be: Known bad.

Malicious Activity Summary

vmprotect systembc trojan

SystemBC

Blocklisted process makes network request

VMProtect packed file

Unsigned PE

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2023-08-10 18:50

Signatures

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-08-10 18:50

Reported

2023-08-10 18:52

Platform

win10v2004-20230703-en

Max time kernel

139s

Max time network

146s

Command Line

rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c.dll,#1

Signatures

SystemBC

trojan systembc

Blocklisted process makes network request

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A

VMProtect packed file

vmprotect
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: EnumeratesProcesses

Description  Indicator  Process                           Target
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A
N/A          N/A        C:\Windows\system32\rundll32.exe  N/A

Processes

C:\Windows\system32\rundll32.exe

rundll32.exe C:\Users\Admin\AppData\Local\Temp\3bc9a13ed11a0da691a2b97ddd52168dbead463fd5371916a1d574184c422a3c.dll,#1

Network

Country  Destination      Domain                        Proto
US       8.8.8.8:53       2.136.104.51.in-addr.arpa     udp
US       8.8.8.8:53       126.137.241.8.in-addr.arpa    udp
US       8.8.8.8:53       67.31.126.40.in-addr.arpa     udp
US       8.8.8.8:53       108.211.229.192.in-addr.arpa  udp
RU       5.42.65.67:4298  -                             tcp
US       8.8.8.8:53       67.65.42.5.in-addr.arpa       udp
US       8.8.8.8:53       26.165.165.52.in-addr.arpa    udp
US       8.8.8.8:53       15.164.165.52.in-addr.arpa    udp
US       8.8.8.8:53       43.229.111.52.in-addr.arpa    udp
US       8.8.8.8:53       226.162.46.104.in-addr.arpa   udp

Files

memory/2144-133-0x00007FFFBC4F0000-0x00007FFFBC4F2000-memory.dmp

memory/2144-134-0x00007FFF9E9D0000-0x00007FFF9F3A1000-memory.dmp

memory/2144-135-0x00007FFFBC500000-0x00007FFFBC502000-memory.dmp

memory/2144-136-0x00007FFFBB680000-0x00007FFFBB682000-memory.dmp

memory/2144-137-0x00007FFFBB690000-0x00007FFFBB692000-memory.dmp

memory/2144-138-0x00007FFFB9FF0000-0x00007FFFB9FF2000-memory.dmp

memory/2144-139-0x00007FFFBA000000-0x00007FFFBA002000-memory.dmp

memory/2144-142-0x00007FFF9E9D0000-0x00007FFF9F3A1000-memory.dmp

memory/2144-141-0x00007FFFBC510000-0x00007FFFBC512000-memory.dmp