Analysis

  • max time kernel
    148s
  • max time network
    109s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31/12/2023, 09:23

General

  • Target

    30bafe5e2d742745a33338d965d41cd6.dll

  • Size

    743KB

  • MD5

    30bafe5e2d742745a33338d965d41cd6

  • SHA1

    d89d7be0589426b82748c982e10f512320a5de0b

  • SHA256

    1c7c3ed81edd1c033e08fe0be1ed0a37e30bdea6b0b8843d98f5d796806f1861

  • SHA512

    fc7c6da19ce4121efb4fe4de4e1321b0a7136e6cc2f06a462c9d5a894522699fabff39d7dc84b30e41162a91dccf77923f0eb95b4e722f14c895b9f18b5bc75b

  • SSDEEP

    12288:BEmRWvd469qwwvx9swGImfWLJiijqr4jnOa10RIIibqOLGRIg0M+sgMHF8D/Fx:BEvW6IwyjzsfxwOa10C+VIzpDtx

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 3 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\30bafe5e2d742745a33338d965d41cd6.dll,#1
    1⤵
      PID:1148
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\30bafe5e2d742745a33338d965d41cd6.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2656

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1148-0-0x0000000000400000-0x00000000005B8000-memory.dmp

            Filesize

            1.7MB

          • memory/1148-1-0x0000000000400000-0x00000000005B8000-memory.dmp

            Filesize

            1.7MB

          • memory/1148-2-0x0000000000400000-0x00000000005B8000-memory.dmp

            Filesize

            1.7MB