7952bd439451f492239ffcde62b9b5e2d026639aa62a8722f5df6418c1dc90b2

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
25/02/2024, 12:11

Target

3d.dll
Size

1.1MB
MD5

12a40b394a5aed6d2c164bfad3f3d915
SHA1

0e57d45fab34883bd69c4f1cd888b022eb1e8989
SHA256

4bc5e84878008e31316df3a4d16e57d4af748846ff640921f6c710a1ffe44a01
SHA512

4709ad7a58c46f0f80b147fcec793ba314ed83b04b9d44834e6f994858a06ab0b0c5312328c71fca35ede8f444591b838e1840b823b2ac0a1d8bad8cc1a77cb1
SSDEEP

24576:LjGYYFmBIZ7XT+9dKIfw/20j1rYnrySjhRH/zyCAGkJJcURE8gIUdkzYCuF39EyM:LGbw18JqyyRH/zQ93lRngYIF3G5NY

Score

7^/10

themida

Themida packer 2 IoCs

Detects Themida, an advanced Windows software protection system.

resource	yara_rule
behavioral2/memory/4856-0-0x0000000010000000-0x000000001025E000-memory.dmp	themida
behavioral2/memory/4856-5-0x0000000010000000-0x000000001025E000-memory.dmp	themida

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 4856	916	rundll32.exe	85
PID 916 wrote to memory of 4856	916	rundll32.exe	85
PID 916 wrote to memory of 4856	916	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d.dll,#1
  2⤵
  PID:4856

memory/4856-0-0x0000000010000000-0x000000001025E000-memory.dmp

Filesize
2.4MB

Download
memory/4856-1-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download
memory/4856-2-0x0000000002C30000-0x0000000002D03000-memory.dmp

Filesize
844KB

Download
memory/4856-3-0x0000000002DD0000-0x0000000002F6E000-memory.dmp

Filesize
1.6MB

Download
memory/4856-4-0x0000000002D10000-0x0000000002DAD000-memory.dmp

Filesize
628KB

Download
memory/4856-5-0x0000000010000000-0x000000001025E000-memory.dmp

Filesize
2.4MB

Download
memory/4856-6-0x0000000001430000-0x0000000001431000-memory.dmp

Filesize
4KB

Download