Analysis

  • max time kernel
    141s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/12/2023, 02:06

General

  • Target

    4f72edc93c9aa593c9c724dd9ee2a0c5.dll

  • Size

    748KB

  • MD5

    4f72edc93c9aa593c9c724dd9ee2a0c5

  • SHA1

    77e1541befe7ffaa72d6dfdc6dd328d27965b1e6

  • SHA256

    370c712dd759ed8920ea8f60e4a0fcecd11a8cfa8642fb4c9e4f7df3ab05c107

  • SHA512

    f728efee7993bae408791261c7190648107a19d55e14b330b69f89e28c441c0fff3ad137a1fcd8e890618ba2b201e49b3dc6962e3a65630c615169d46277de64

  • SSDEEP

    12288:krTmzUHgoZ4wcY6mN9ELoGd/VVz7V8KEpKIeyqEJtK8UeJixjFNehis3bKy:6IUH0wx6mN9ELH/TF8K2KBydJgPxQ+y

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 4 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2732
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f72edc93c9aa593c9c724dd9ee2a0c5.dll,#1
      2⤵
        PID:4352

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/4352-0-0x00000000022F0000-0x00000000024A9000-memory.dmp

            Filesize

            1.7MB

          • memory/4352-1-0x00000000022F0000-0x00000000024A9000-memory.dmp

            Filesize

            1.7MB

          • memory/4352-2-0x00000000022F0000-0x00000000024A9000-memory.dmp

            Filesize

            1.7MB

          • memory/4352-3-0x00000000022F0000-0x00000000024A9000-memory.dmp

            Filesize

            1.7MB