7ad0970378b075286b992d85d547601c3bb676e149f18cf58ad9a957b677dfd9

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 02:12

Target

7ad0970378b075286b992d85d547601c3bb676e149f18cf58ad9a957b677dfd9.dll
Size

1.5MB
MD5

74a07a048837f9704b80066a94799b49
SHA1

dd75437a67aac21f42e20a8d8b7c8d00840b7e10
SHA256

7ad0970378b075286b992d85d547601c3bb676e149f18cf58ad9a957b677dfd9
SHA512

72b717887520bc13066203206439265af6980a1ead0114a60a4dfeb9e3e81f21538cd69cc60d865d1a0903e8cc18ed32851fafeef696fa53c5d1f63b8d0313bb
SSDEEP

24576:RscghjFFuCOjfTYs06OVzVeDl9UwdnQ6:6DsHsV6yVeXd

Score

9^/10

vmprotect

Detects executables packed with VMProtect. 1 IoCs

resource	yara_rule
behavioral1/memory/2196-0-0x0000000074160000-0x00000000742D4000-memory.dmp	INDICATOR_EXE_Packed_VMProtect

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/2196-0-0x0000000074160000-0x00000000742D4000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2196	2192	regsvr32.exe	28
PID 2192 wrote to memory of 2196	2192	regsvr32.exe	28
PID 2192 wrote to memory of 2196	2192	regsvr32.exe	28
PID 2192 wrote to memory of 2196	2192	regsvr32.exe	28
PID 2192 wrote to memory of 2196	2192	regsvr32.exe	28
PID 2192 wrote to memory of 2196	2192	regsvr32.exe	28
PID 2192 wrote to memory of 2196	2192	regsvr32.exe	28

C:\Windows\system32\regsvr32.exe
regsvr32 /s C:\Users\Admin\AppData\Local\Temp\7ad0970378b075286b992d85d547601c3bb676e149f18cf58ad9a957b677dfd9.dll
1⤵
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Windows\SysWOW64\regsvr32.exe
  /s C:\Users\Admin\AppData\Local\Temp\7ad0970378b075286b992d85d547601c3bb676e149f18cf58ad9a957b677dfd9.dll
  2⤵
  PID:2196

memory/2196-0-0x0000000074160000-0x00000000742D4000-memory.dmp

Filesize
1.5MB

Download