1244f4683b6ae90ed4359ed7e12cab1fec56ae5503cfb7e7bfef2a589bdd9070

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
14/10/2023, 10:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1244f4683b6ae90ed4359ed7e12cab1fec56ae5503cfb7e7bfef2a589bdd9070.dll
Size

3.8MB
MD5

2aa482f1984ecd2f82410b1f702d44fe
SHA1

d8690cfc410056b4a9f85ea04428f2b65eea31ed
SHA256

1244f4683b6ae90ed4359ed7e12cab1fec56ae5503cfb7e7bfef2a589bdd9070
SHA512

56ce04f68e7add842ffb7c237e8a9005aa779e35f1ecbb4ec2959c2e7a4e1c4bb1bc0689d4ed10d59212982a6ed96a178fa757a06a73ca9fd0217e648cce44c9
SSDEEP

98304:FWud4FFY0b8nu6tHZ8XKMsUefOSfeY6Yy4FPuR:Qud4zgaefhfeY6Yy4FP6

Score

7^/10

upx vmprotect

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2460-39-0x0000000000730000-0x000000000073B000-memory.dmp	upx
behavioral1/memory/2460-40-0x0000000000730000-0x000000000073B000-memory.dmp	upx

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
behavioral1/memory/2460-2-0x0000000010000000-0x00000000108AB000-memory.dmp	vmprotect
behavioral1/memory/2460-41-0x0000000010000000-0x00000000108AB000-memory.dmp	vmprotect

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2460	rundll32.exe
2460	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2460	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2460	2444	rundll32.exe	28
PID 2444 wrote to memory of 2460	2444	rundll32.exe	28
PID 2444 wrote to memory of 2460	2444	rundll32.exe	28
PID 2444 wrote to memory of 2460	2444	rundll32.exe	28
PID 2444 wrote to memory of 2460	2444	rundll32.exe	28
PID 2444 wrote to memory of 2460	2444	rundll32.exe	28
PID 2444 wrote to memory of 2460	2444	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1244f4683b6ae90ed4359ed7e12cab1fec56ae5503cfb7e7bfef2a589bdd9070.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1244f4683b6ae90ed4359ed7e12cab1fec56ae5503cfb7e7bfef2a589bdd9070.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2460-0-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2460-2-0x0000000010000000-0x00000000108AB000-memory.dmp

Filesize
8.7MB

Download
memory/2460-3-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2460-5-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2460-6-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-8-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-10-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2460-13-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2460-15-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2460-25-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2460-23-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2460-20-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2460-18-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2460-28-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2460-30-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2460-31-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2460-35-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2460-33-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2460-39-0x0000000000730000-0x000000000073B000-memory.dmp

Filesize
44KB

Download
memory/2460-40-0x0000000000730000-0x000000000073B000-memory.dmp

Filesize
44KB

Download
memory/2460-41-0x0000000010000000-0x00000000108AB000-memory.dmp

Filesize
8.7MB

Download