7ad0970378b075286b992d85d547601c3bb676e149f18cf58ad9a957b677dfd9 | Triage

Analysis

max time kernel
121s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/03/2024, 13:30

Sharing

Report Analysis Logs

General

Target

SecuriteInfo.com.Variant.Tedy.520099.14081.5948.dll
Size

1.5MB
MD5

74a07a048837f9704b80066a94799b49
SHA1

dd75437a67aac21f42e20a8d8b7c8d00840b7e10
SHA256

7ad0970378b075286b992d85d547601c3bb676e149f18cf58ad9a957b677dfd9
SHA512

72b717887520bc13066203206439265af6980a1ead0114a60a4dfeb9e3e81f21538cd69cc60d865d1a0903e8cc18ed32851fafeef696fa53c5d1f63b8d0313bb
SSDEEP

24576:RscghjFFuCOjfTYs06OVzVeDl9UwdnQ6:6DsHsV6yVeXd

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral2/memory/1516-0-0x0000000074C80000-0x0000000074DF4000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 1516	2752	regsvr32.exe	94
PID 2752 wrote to memory of 1516	2752	regsvr32.exe	94
PID 2752 wrote to memory of 1516	2752	regsvr32.exe	94

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Tedy.520099.14081.5948.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Variant.Tedy.520099.14081.5948.dll
  2⤵
  PID:1516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=2268 --field-trial-handle=2244,i,11878111470816612087,2265290141962607370,262144 --variations-seed-version /prefetch:8
1⤵
PID:2156

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1516-0-0x0000000074C80000-0x0000000074DF4000-memory.dmp

Filesize
1.5MB

Download