1b82f6e8970fcc5cd904a606ea1fd0a346511b3752a2b15b89245bde0055fa61

Analysis

max time kernel
122s
max time network
136s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 02:43

Target

1b82f6e8970fcc5cd904a606ea1fd0a346511b3752a2b15b89245bde0055fa61.dll
Size

8.8MB
MD5

047bfa9c690360187fb75a0dc2a931e3
SHA1

cfdea1d3580d6aef98b3f1a2954b2b95a9e2a94d
SHA256

1b82f6e8970fcc5cd904a606ea1fd0a346511b3752a2b15b89245bde0055fa61
SHA512

b326d1559d469d9e55d23e6e45a6281708835ec9b96f7794c04fde2ec2fc9afbc7253dd9a138337d932d749a0363ad5e7d764f0a70058faff6d4fb412596db23
SSDEEP

196608:4tWwp8ilUk1tmwicEb9dwtqaBdCLkT3kEz:kowDrmD+EuMU

Score

7^/10

vmprotect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2188-0-0x0000000010000000-0x00000000108C1000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2544 wrote to memory of 2188	2544	rundll32.exe	28
PID 2544 wrote to memory of 2188	2544	rundll32.exe	28
PID 2544 wrote to memory of 2188	2544	rundll32.exe	28
PID 2544 wrote to memory of 2188	2544	rundll32.exe	28
PID 2544 wrote to memory of 2188	2544	rundll32.exe	28
PID 2544 wrote to memory of 2188	2544	rundll32.exe	28
PID 2544 wrote to memory of 2188	2544	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b82f6e8970fcc5cd904a606ea1fd0a346511b3752a2b15b89245bde0055fa61.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2544
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b82f6e8970fcc5cd904a606ea1fd0a346511b3752a2b15b89245bde0055fa61.dll,#1
  2⤵
  PID:2188

memory/2188-0-0x0000000010000000-0x00000000108C1000-memory.dmp

Filesize
8.8MB

Download
memory/2188-1-0x0000000010000000-0x00000000108C1000-memory.dmp

Filesize
8.8MB

Download
memory/2188-2-0x0000000010000000-0x00000000108C1000-memory.dmp

Filesize
8.8MB

Download
memory/2188-3-0x0000000010000000-0x00000000108C1000-memory.dmp

Filesize
8.8MB

Download