f9541177fa7f4b302f68bb84936345dd08cf3ade10ef4a1d0548c47aef7962b6

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/05/2024, 19:20

Target

f9541177fa7f4b302f68bb84936345dd08cf3ade10ef4a1d0548c47aef7962b6.dll
Size

1.1MB
MD5

f6d442a0bb93e14a361eccbcacbfdc1a
SHA1

66fa143c6ce38338cebbfe3dc3f988bd32d7850a
SHA256

f9541177fa7f4b302f68bb84936345dd08cf3ade10ef4a1d0548c47aef7962b6
SHA512

c3128d4879ca62d5e9411012f648d849fb8f90735e845648ce95c5da459b4f1a59a2bb2713002fd015a8ff0fb172ef46c95df491168175e921563bf492dbcf9b
SSDEEP

24576:j67AqoEHP7mWhvaUikTcBHSsw2XODmq5BiqJ84AX45iWvhr:ucqbhv2HbeDDBiqJ84/5lvh

Score

7^/10

vmprotect

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
behavioral1/memory/1052-1-0x0000000074600000-0x0000000074911000-memory.dmp	vmprotect
behavioral1/memory/1052-3-0x0000000074600000-0x0000000074911000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1052	1908	rundll32.exe	28
PID 1908 wrote to memory of 1052	1908	rundll32.exe	28
PID 1908 wrote to memory of 1052	1908	rundll32.exe	28
PID 1908 wrote to memory of 1052	1908	rundll32.exe	28
PID 1908 wrote to memory of 1052	1908	rundll32.exe	28
PID 1908 wrote to memory of 1052	1908	rundll32.exe	28
PID 1908 wrote to memory of 1052	1908	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9541177fa7f4b302f68bb84936345dd08cf3ade10ef4a1d0548c47aef7962b6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9541177fa7f4b302f68bb84936345dd08cf3ade10ef4a1d0548c47aef7962b6.dll,#1
  2⤵
  PID:1052

memory/1052-0-0x00000000742E0000-0x00000000745F1000-memory.dmp

Filesize
3.1MB

Download
memory/1052-2-0x00000000742E0000-0x00000000745F1000-memory.dmp

Filesize
3.1MB

Download
memory/1052-1-0x0000000074600000-0x0000000074911000-memory.dmp

Filesize
3.1MB

Download
memory/1052-3-0x0000000074600000-0x0000000074911000-memory.dmp

Filesize
3.1MB

Download