f35a4c795921a5cb233ef2bda07c95d25838f310d4ffbf3ac648869b4a816007

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 07:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f35a4c795921a5cb233ef2bda07c95d25838f310d4ffbf3ac648869b4a816007.dll
Size

3.8MB
MD5

5e53980faa485079efa6c4086c616e4c
SHA1

842cf038f0c4888fbafa3a047bedb453938c812f
SHA256

f35a4c795921a5cb233ef2bda07c95d25838f310d4ffbf3ac648869b4a816007
SHA512

2fb205b51183d50c384b1abd916122d7376dcae9f41fc89f45811cb629d9446b8ce220f85e49b052f5a6759c871744d1aa2fbf524e3452eb20977fb54dc34b18
SSDEEP

98304:DzlTfsrvk6+MeL0N/JWbC294DLdZLBYPNYVyqydxjvZq:DzlDsbaMeL0BJWbCE2LdYuSdx9q

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2752-40-0x0000000000270000-0x000000000027B000-memory.dmp	upx
behavioral1/memory/2752-42-0x0000000000270000-0x000000000027B000-memory.dmp	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2752-2-0x0000000010000000-0x00000000108B4000-memory.dmp	vmprotect
behavioral1/memory/2752-41-0x0000000010000000-0x00000000108B4000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2752	rundll32.exe
2752	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2752	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2752	2024	rundll32.exe	28
PID 2024 wrote to memory of 2752	2024	rundll32.exe	28
PID 2024 wrote to memory of 2752	2024	rundll32.exe	28
PID 2024 wrote to memory of 2752	2024	rundll32.exe	28
PID 2024 wrote to memory of 2752	2024	rundll32.exe	28
PID 2024 wrote to memory of 2752	2024	rundll32.exe	28
PID 2024 wrote to memory of 2752	2024	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f35a4c795921a5cb233ef2bda07c95d25838f310d4ffbf3ac648869b4a816007.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f35a4c795921a5cb233ef2bda07c95d25838f310d4ffbf3ac648869b4a816007.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2752-0-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2752-2-0x0000000010000000-0x00000000108B4000-memory.dmp

Filesize
8.7MB

Download
memory/2752-3-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2752-5-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2752-8-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2752-6-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2752-10-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2752-15-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2752-13-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2752-18-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2752-20-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2752-23-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2752-25-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2752-28-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2752-30-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2752-33-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2752-31-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2752-35-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2752-40-0x0000000000270000-0x000000000027B000-memory.dmp

Filesize
44KB

Download
memory/2752-41-0x0000000010000000-0x00000000108B4000-memory.dmp

Filesize
8.7MB

Download
memory/2752-42-0x0000000000270000-0x000000000027B000-memory.dmp

Filesize
44KB

Download