9c722279ad144e0e85fa54f9a68c7d7eec09a4f96cfbdfdc6389e2e20a28f81f

Analysis

max time kernel
142s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2023 08:23

Target

9c722279ad144e0e85fa54f9a68c7d7eec09a4f96cfbdfdc6389e2e20a28f81f.dll
Size

11.7MB
MD5

7957f9e2709d90253f6e7a6e146a633a
SHA1

e036679e8bf6afdbefb4b8d133f42737ad403568
SHA256

9c722279ad144e0e85fa54f9a68c7d7eec09a4f96cfbdfdc6389e2e20a28f81f
SHA512

5dad905be6819455c48a2ae8565d59a74f1ae55222ea620914f462f029929ab711764cb3e4210e56411fbdb4787320498b6950d6742e3185fe2468e374a498b8
SSDEEP

196608:HknBXDZ28W5HccwpBzi3sTgoUJ4Mlx3GNDrfx7X9mkyNy5ysWSJ+pe6+4BjiJk:Ds+Ugdzlx2Zbxr9mHNy5947r+

Score

7^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/8-0-0x0000000074B60000-0x000000007570C000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 8	1612	rundll32.exe	85
PID 1612 wrote to memory of 8	1612	rundll32.exe	85
PID 1612 wrote to memory of 8	1612	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c722279ad144e0e85fa54f9a68c7d7eec09a4f96cfbdfdc6389e2e20a28f81f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9c722279ad144e0e85fa54f9a68c7d7eec09a4f96cfbdfdc6389e2e20a28f81f.dll,#1
  2⤵
  PID:8

memory/8-0-0x0000000074B60000-0x000000007570C000-memory.dmp

Filesize
11.7MB

Download