167280418d9e7e761c73fc0f74aed1c5b34fb73003e71902b3091f57723e5cd9

Analysis

max time kernel
122s
max time network
151s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
12/10/2023, 17:28

Target

NEAS.0aaa959e1f68c04dc175a589deee8d50_JC.dll
Size

254KB
MD5

0aaa959e1f68c04dc175a589deee8d50
SHA1

9a856d841bbd188d0094362bd237fbd7d546661d
SHA256

167280418d9e7e761c73fc0f74aed1c5b34fb73003e71902b3091f57723e5cd9
SHA512

da6abaab2a33024f7519ece47a279c85e49a5fb723aa25546222df1a9f531e688f917b56f421d6e6b29161021c4941702930c0025bca53822a1fb9d143ed5b46
SSDEEP

6144:B+Yf+XFDk8zQOvzCZlYGtlJ4rC31FbJ9ClvmRQFkz+57J/U3C4lpWum5k:Ut/xvzCZl9t4rClRJ9Clvy+57myowumq

Score

7^/10

vmprotect

VMProtect packed file 5 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/3044-0-0x0000000000710000-0x0000000000796000-memory.dmp	vmprotect
behavioral1/memory/3044-1-0x0000000000710000-0x0000000000796000-memory.dmp	vmprotect
behavioral1/memory/3044-2-0x0000000000710000-0x0000000000796000-memory.dmp	vmprotect
behavioral1/memory/3044-3-0x0000000000710000-0x0000000000796000-memory.dmp	vmprotect
behavioral1/memory/3044-4-0x0000000000710000-0x0000000000796000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 3044	2272	rundll32.exe	28
PID 2272 wrote to memory of 3044	2272	rundll32.exe	28
PID 2272 wrote to memory of 3044	2272	rundll32.exe	28
PID 2272 wrote to memory of 3044	2272	rundll32.exe	28
PID 2272 wrote to memory of 3044	2272	rundll32.exe	28
PID 2272 wrote to memory of 3044	2272	rundll32.exe	28
PID 2272 wrote to memory of 3044	2272	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.0aaa959e1f68c04dc175a589deee8d50_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.0aaa959e1f68c04dc175a589deee8d50_JC.dll,#1
  2⤵
  PID:3044

memory/3044-0-0x0000000000710000-0x0000000000796000-memory.dmp

Filesize
536KB

Download
memory/3044-1-0x0000000000710000-0x0000000000796000-memory.dmp

Filesize
536KB

Download
memory/3044-2-0x0000000000710000-0x0000000000796000-memory.dmp

Filesize
536KB

Download
memory/3044-3-0x0000000000710000-0x0000000000796000-memory.dmp

Filesize
536KB

Download
memory/3044-4-0x0000000000710000-0x0000000000796000-memory.dmp

Filesize
536KB

Download