2a0e9b131f7ab5a9f05b67a5136b437a8482ab7a8886b6cacb6063d79c10e230

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 03:38

Target

96262d61166d88fb0633ae612dabe1db.dll
Size

104KB
MD5

96262d61166d88fb0633ae612dabe1db
SHA1

4b287693d96f0df3feab6c10a2bcb86574c19da9
SHA256

2a0e9b131f7ab5a9f05b67a5136b437a8482ab7a8886b6cacb6063d79c10e230
SHA512

dee455860ec42d386b5532db3a9f1702b2b0c355134220c1879ee04f294e3f0442d6b8ca8ff8d08b97d5d416d20d7c3763431d0dac6785806c3780c6d8525f58
SSDEEP

1536:x4mlTueoPxoxTRMfWJCjqGSWuoNPMWBUfko1wvarrTr9jlX9MQafpaoR/s1ATMP:rTueoPkKMCWGf1U9bjrT1akoR/O2A

Score

8^/10

vmprotect

Blocklisted process makes network request 1 IoCs

flow	pid	Process
3	2100	rundll32.exe

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2100-0-0x0000000010000000-0x0000000010056000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2100	2076	rundll32.exe	16
PID 2076 wrote to memory of 2100	2076	rundll32.exe	16
PID 2076 wrote to memory of 2100	2076	rundll32.exe	16
PID 2076 wrote to memory of 2100	2076	rundll32.exe	16
PID 2076 wrote to memory of 2100	2076	rundll32.exe	16
PID 2076 wrote to memory of 2100	2076	rundll32.exe	16
PID 2076 wrote to memory of 2100	2076	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\96262d61166d88fb0633ae612dabe1db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\96262d61166d88fb0633ae612dabe1db.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:2100

memory/2100-0-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download