Analysis
-
max time kernel
117s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
07/12/2023, 14:44
Behavioral task
behavioral1
Sample
Expensive.dll
Resource
win7-20231129-en
2 signatures
150 seconds
Behavioral task
behavioral2
Sample
Expensive.dll
Resource
win10v2004-20231127-en
2 signatures
150 seconds
General
-
Target
Expensive.dll
-
Size
6.3MB
-
MD5
5808a4648b6412df885afc8ed89a5506
-
SHA1
3e88eeedc30387658afa8313020b996f700f1b2f
-
SHA256
94fe6dbe945913d47923ff31b16180997a9273de2e2cd6fd76e6b06e228fb5b3
-
SHA512
6a38285a645577aacc2f32804c6a8e2b88f42eb495a8083c14d6bd422ccaa1a9e0bc8f4f715c2b8ec89354a4871239553f70c9794bf3b85a7535a8e636a51f15
-
SSDEEP
98304:ltvX9ZVfebgQkI8V9ux8YMMV8fE6lRCx/kNM1LFQfbuMtW8OdcbDHv3uHxDkWjK5:T9Hfeb259EMdlRkcuobusW8LuCNpX
Score
7/10
Malware Config
Signatures
-
resource yara_rule behavioral1/memory/2244-2-0x000007FEF43F0000-0x000007FEF50CD000-memory.dmp vmprotect -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2244 rundll32.exe