Analysis

  • max time kernel
    146s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    07/12/2023, 14:44

General

  • Target

    Expensive.dll

  • Size

    6.3MB

  • MD5

    5808a4648b6412df885afc8ed89a5506

  • SHA1

    3e88eeedc30387658afa8313020b996f700f1b2f

  • SHA256

    94fe6dbe945913d47923ff31b16180997a9273de2e2cd6fd76e6b06e228fb5b3

  • SHA512

    6a38285a645577aacc2f32804c6a8e2b88f42eb495a8083c14d6bd422ccaa1a9e0bc8f4f715c2b8ec89354a4871239553f70c9794bf3b85a7535a8e636a51f15

  • SSDEEP

    98304:ltvX9ZVfebgQkI8V9ux8YMMV8fE6lRCx/kNM1LFQfbuMtW8OdcbDHv3uHxDkWjK5:T9Hfeb259EMdlRkcuobusW8LuCNpX

Score
7/10

Malware Config

Signatures

  • VMProtect packed file (2 IoCs)

    Detects executables packed with the VMProtect commercial packer.

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)

    The rundll32.exe host process (PID 5000) enumerated running processes.
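
The "VMProtect packed file" signature above is a static check, and the two cheapest indicators behind it are reproducible without the sandbox. The script below is an added example, not code from this report or from the sandbox vendor: it parses the PE section table by hand, looks for VMProtect's default ".vmp*" section names, and measures Shannon entropy of each executable section, since VMProtect's virtualised code and bytecode are stored encrypted. The PE images it runs on are constructed in memory as fixtures; the section layout, the 7.2 bits/byte entropy threshold and the `build_sample_pe` helper are assumptions for the demonstration, not properties of Expensive.dll.

```python
import hashlib
import math
import struct

# VMProtect's default section names start with ".vmp" (the packer can be told to rename them).
VMP_SECTION_PREFIX = ".vmp"
# Shannon entropy (bits per byte) above which a section looks encrypted or compressed (assumed threshold).
HIGH_ENTROPY = 7.2
IMAGE_SCN_MEM_EXECUTE = 0x20000000

SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, at most 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk DOS header -> PE signature -> COFF header -> section table; return one dict per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE file (missing MZ)")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file (missing PE signature)")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]   # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    sections = []
    for i in range(num_sections):
        name, vsize, _vaddr, rsize, rptr, _, _, _, _, chars = SECTION_HDR.unpack_from(pe, table + i * SECTION_HDR.size)
        raw = pe[rptr:rptr + rsize]
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "virtual_size": vsize,
            "raw_size": rsize,
            "executable": bool(chars & IMAGE_SCN_MEM_EXECUTE),
            "entropy": round(shannon_entropy(raw), 3),
        })
    return sections


def vmprotect_indicators(pe: bytes) -> dict:
    """Name-based indicator (".vmp*" sections) plus entropy-based indicator (encrypted executable sections)."""
    sections = parse_sections(pe)
    vmp_names = [s["name"] for s in sections if s["name"].startswith(VMP_SECTION_PREFIX)]
    high_exec = [s["name"] for s in sections if s["executable"] and s["entropy"] > HIGH_ENTROPY]
    return {
        "vmp_sections": vmp_names,
        "high_entropy_exec": high_exec,
        "likely_packed": bool(vmp_names) or bool(high_exec),
        "sections": sections,
    }


# ---- constructed fixtures (hypothetical minimal PE32+ images, not the analysed sample) ----

def pseudo_random(n: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 counter chain) standing in for encrypted VM code."""
    out = bytearray()
    i = 0
    while len(out) < n:
        out += hashlib.sha256(seed + i.to_bytes(4, "little")).digest()
        i += 1
    return bytes(out[:n])


def build_sample_pe(sections: list) -> bytes:
    """Build a minimal PE32+ file: sections is a list of (name, raw_bytes, executable). Fixture only."""
    file_align = 0x200
    nt_off = 0x40
    opt = bytearray(240)                         # PE32+ optional header, zeros except Magic
    struct.pack_into("<H", opt, 0, 0x20B)
    headers_len = nt_off + 4 + 20 + len(opt) + SECTION_HDR.size * len(sections)
    raw_ptr = (headers_len + file_align - 1) // file_align * file_align
    table, blobs, vaddr = bytearray(), bytearray(), 0x1000
    for name, raw, is_exec in sections:
        rsize = (len(raw) + file_align - 1) // file_align * file_align
        chars = 0x40000000 | 0x20 | (IMAGE_SCN_MEM_EXECUTE if is_exec else 0)  # READ | CODE [| EXECUTE]
        table += SECTION_HDR.pack(name.encode().ljust(8, b"\0"), len(raw), vaddr, rsize,
                                  raw_ptr + len(blobs), 0, 0, 0, 0, chars)
        blobs += raw.ljust(rsize, b"\0")
        vaddr += max(rsize, 0x1000)
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", nt_off)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, len(opt), 0x2022)  # x64, EXECUTABLE|DLL
    return (dos + b"PE\0\0" + coff + bytes(opt) + bytes(table)).ljust(raw_ptr, b"\0") + bytes(blobs)


PLAIN_TEXT = (b"\x48\x83\xec\x28\x33\xc0\x48\x83\xc4\x28\xc3" * 372).ljust(4096, b"\xcc")  # low-entropy stub code
SAMPLE_PACKED = build_sample_pe([(".text", PLAIN_TEXT, True),
                                 (".vmp0", pseudo_random(4096, b"vmp0"), True),
                                 (".vmp1", pseudo_random(8192, b"vmp1"), True)])
SAMPLE_PLAIN = build_sample_pe([(".text", PLAIN_TEXT, True),
                                (".rdata", b"Expensive.dll\0" * 290, False)])
SAMPLE_RENAMED = build_sample_pe([(".text", pseudo_random(4096, b"renamed"), True)])  # VMProtect with sections renamed

if __name__ == "__main__":
    for label, img in (("packed", SAMPLE_PACKED), ("plain", SAMPLE_PLAIN), ("renamed", SAMPLE_RENAMED)):
        r = vmprotect_indicators(img)
        print(label, r["vmp_sections"], r["high_entropy_exec"], r["likely_packed"])
```

The section-name check is the specific one (only VMProtect uses ".vmp0"/".vmp1" by default) but is trivially evaded by renaming; the entropy check survives renaming but also fires on other packers, compressed resources and embedded media, so treat a high-entropy hit without ".vmp" names as "packed with something" rather than "VMProtect".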

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Expensive.dll,#1
    (loads the DLL and calls its export at ordinal #1)
    PID: 5000
    • Suspicious behavior: EnumeratesProcesses

Network

Downloads

  • memory/5000-2-0x00007FF81CD50000-0x00007FF81DA2D000-memory.dmp
    Filesize: 12.9MB

  • memory/5000-0-0x00007FF83BCD0000-0x00007FF83BCD2000-memory.dmp
    Filesize: 8KB

  • memory/5000-1-0x00007FF81CD50000-0x00007FF81DA2D000-memory.dmp
    Filesize: 12.9MB
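
The dump names above encode the PID, the snapshot index and the virtual address range of each region, which is enough to cross-check the report without downloading anything. The script below is an added example, not part of the report or of the sandbox's tooling: it parses those names, recomputes the region sizes, merges repeated snapshots of the same range (dumps 1 and 2 cover the same 0x00007FF81CD50000 region), and flags regions that are larger than the 6.3MB file on disk. The three names are copied from this page; treating "6.3MB" as MiB and the size comparison as a packing indicator are assumptions of the example.

```python
import re

DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9A-Fa-f]+)-0x(?P<end>[0-9A-Fa-f]+)-memory\.dmp$"
)

# Copied from the Downloads list of this report.
REPORT_DUMPS = [
    "memory/5000-2-0x00007FF81CD50000-0x00007FF81DA2D000-memory.dmp",
    "memory/5000-0-0x00007FF83BCD0000-0x00007FF83BCD2000-memory.dmp",
    "memory/5000-1-0x00007FF81CD50000-0x00007FF81DA2D000-memory.dmp",
]
# "6.3MB" from the General section; assumed to be MiB, as the sandbox's 12.9MB/8KB figures are.
DISK_SIZE = int(6.3 * 2**20)


def human_size(n: int) -> str:
    """Same rounding the report uses: one decimal in MiB above 1 MiB, whole KiB below."""
    return f"{n / 2**20:.1f}MB" if n >= 2**20 else f"{n / 2**10:.0f}KB"


def parse_dump_name(name: str) -> dict:
    """Split a sandbox dump filename into pid, snapshot index and address range."""
    m = DUMP_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted range in {name}")
    return {"pid": int(m["pid"]), "index": int(m["idx"]),
            "start": start, "end": end, "size": end - start}


def summarize_dumps(names: list, disk_size: int) -> list:
    """One entry per distinct (pid, range), sorted by address, with the snapshots that captured it."""
    regions = {}
    for name in names:
        d = parse_dump_name(name)
        key = (d["pid"], d["start"], d["end"])
        regions.setdefault(key, {**d, "snapshots": []})["snapshots"].append(d["index"])
    out = []
    for r in sorted(regions.values(), key=lambda r: r["start"]):
        r["snapshots"].sort()
        r["human"] = human_size(r["size"])
        # An image region bigger than the file on disk is consistent with a packer
        # reserving extra virtual space to unpack into (assumed interpretation).
        r["larger_than_disk_image"] = r["size"] > disk_size
        out.append(r)
    return out


if __name__ == "__main__":
    for r in summarize_dumps(REPORT_DUMPS, DISK_SIZE):
        print(f"pid {r['pid']} 0x{r['start']:016X}-0x{r['end']:016X} {r['human']:>7} "
              f"snapshots={r['snapshots']} larger_than_disk={r['larger_than_disk_image']}")
```

The arithmetic confirms the report: 0x00007FF81DA2D000 - 0x00007FF81CD50000 = 0xCDD000 = 13,488,128 bytes, which is 12.9 MiB, and the second region is exactly two 4 KiB pages. Both ranges sit in the 0x00007FF8... area where 64-bit Windows maps ASLR'd images, so the 12.9MB region is most plausibly the loaded Expensive.dll itself, roughly twice its on-disk size; that is the kind of disk-versus-memory mismatch a VMProtect-packed module produces, and the repeated snapshot of the same range is what you would diff to see what changed after unpacking.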