Overview

overview

7

Static

static

7

2d2fbf988c...92.dll

windows7-x64

7

2d2fbf988c...92.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    180s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14/11/2023, 09:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    2d2fbf988c45a9b3e0d15344e61596913c870fdb4d50b755d66ff049e1bcaa92.dll

  • Size

    11.4MB

  • MD5

    221ab4e18ad1f8d2b22adcafe2ee4905

  • SHA1

    4936fd0bc5b0fe16b8232c61d7d553974ac65911

  • SHA256

    2d2fbf988c45a9b3e0d15344e61596913c870fdb4d50b755d66ff049e1bcaa92

  • SHA512

    3c1558b6a89364e734f6722b0871580ceb5e3d1f03c828e032c2f7348a7fa858f4af8bb6cf97b8bfb85b1b62e029eaa0f76ab6b090e7064273b4f46e4775a006

  • SSDEEP

    196608:OJHNoFylAqpqzJv6RdpSJsZUY5lw3u6kwnAg5QWcu1fAMhYZlyv:0ibqmJQpDKwy3zkwD5eq3+4v

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d2fbf988c45a9b3e0d15344e61596913c870fdb4d50b755d66ff049e1bcaa92.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3144
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d2fbf988c45a9b3e0d15344e61596913c870fdb4d50b755d66ff049e1bcaa92.dll,#1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2316

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2316-0-0x00000000004E0000-0x00000000004E1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2316-1-0x0000000000B60000-0x0000000000B61000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2316-3-0x0000000000BA0000-0x0000000000BA1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2316-2-0x0000000000B70000-0x0000000000B71000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2316-4-0x0000000000BB0000-0x0000000000BB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2316-5-0x0000000073280000-0x0000000074BF2000-memory.dmp

          Filesize

          25.4MB

          Download

        • memory/2316-6-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2316-7-0x0000000000CE0000-0x0000000000CE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2316-9-0x0000000073280000-0x0000000074BF2000-memory.dmp

          Filesize

          25.4MB

          Download