Analysis

  • max time kernel
    145s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/01/2024, 14:36

General

  • Target

    50d300cc4deb2ab91ac2c2fafbc7fae3.dll

  • Size

    864KB

  • MD5

    50d300cc4deb2ab91ac2c2fafbc7fae3

  • SHA1

    af7903cf8855c75edd2c1995bf4e0ffbb08b712c

  • SHA256

    e582ed5437c3b4f75803a43486f194fd2c7ae5190567e731c364aafa6cb37ef2

  • SHA512

    3161b221edc7f90035db5ac762d30c368e838d9c9ad1dbb6c1cccfc16d140e5e5226fa9d79011b5d1bb80aa86b31b8cdc17d68d93260a66de5ce37f7fa6c5979

  • SSDEEP

    24576:zZ/yh5MRglm6BgRWDd/tcZAYS3unvwmYzLf3M:zxe5MRr6Cq1cnvlSL

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\50d300cc4deb2ab91ac2c2fafbc7fae3.dll,#1
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2120
  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\50d300cc4deb2ab91ac2c2fafbc7fae3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1696

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/2120-0-0x0000000010000000-0x000000001022F000-memory.dmp

          Filesize

          2.2MB

        • memory/2120-1-0x0000000010000000-0x000000001022F000-memory.dmp

          Filesize

          2.2MB