Analysis

  • max time kernel
    135s
  • max time network
    104s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/05/2024, 21:52

General

  • Target

    banlv/context.dll

  • Size

    444KB

  • MD5

    11ecdae66fe27479669c7202d5b29dd9

  • SHA1

    4956580628197c9cd8de67cb4ab833c96b95b6b4

  • SHA256

    958d6b9e5c0a4dd27aa780d7c6af5c1ddb57872ce19c7414dd754d4a4924ec65

  • SHA512

    d037772b6d0178d8deaf5f0d2385bca55dacfc494473e74a3d36aaa5ed49410a10faaf55d716de3cfcb832eb82c12ffb7c8ccb5d7a196e7900f6828b9b0bbd04

  • SSDEEP

    12288:7nbkdcs6Z2iTXGYxft7CeWrnjszRWeV39Sp:7bKR4jflCeknoz7E

Score
7/10

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with the VMProtect commercial packer.

  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe (PID 2252, depth 1)
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\banlv\context.dll,#1
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\rundll32.exe (PID 3380, depth 2, child of PID 2252)
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\banlv\context.dll,#1
      • Suspicious use of SetWindowsHookEx

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3380-0-0x0000000010000000-0x0000000010196000-memory.dmp
    Filesize: 1.6MB
  • memory/3380-1-0x0000000010000000-0x0000000010196000-memory.dmp
    Filesize: 1.6MB
  • memory/3380-3-0x0000000077652000-0x0000000077653000-memory.dmp
    Filesize: 4KB
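The process tree and the dump listing above carry more than the three signatures say outright: the DLL is invoked by ordinal (`,#1`) from the user's Temp directory, the 64-bit rundll32 re-launches its SysWOW64 copy (which 64-bit rundll32 does when handed a 32-bit DLL, so the sample is x86), and the image is mapped at 0x10000000, the default 32-bit DLL base, at 0x196000 bytes against 444KB on disk. The following script is an added example, not part of the Tria.ge report: it parses the report's own process entries and `memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp` names (copied from this page as constructed input) and turns those observations into triage findings. The finding codes, the 2x size threshold and the helper names are this example's own.

```python
"""Turn a sandbox report's process tree and memory-dump list into triage findings.

Added example for this page; it is not code from the Tria.ge report. The process
entries, dump names and on-disk size are copied from the report above; the
finding codes and the 2x size threshold are this example's own choices.
"""
import re
from typing import Dict, List, Optional, Tuple

# Constructed from the Processes section (64-bit rundll32 -> SysWOW64 child).
PROCESSES: List[Dict[str, object]] = [
    {"pid": 2252, "ppid": None,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\banlv\context.dll,#1"},
    {"pid": 3380, "ppid": 2252,
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\banlv\context.dll,#1"},
]

# Constructed from the Downloads section.
DUMPS = [
    "memory/3380-0-0x0000000010000000-0x0000000010196000-memory.dmp",
    "memory/3380-1-0x0000000010000000-0x0000000010196000-memory.dmp",
    "memory/3380-3-0x0000000077652000-0x0000000077653000-memory.dmp",
]

DISK_SIZE_BYTES = 444 * 1024        # "Size 444KB" in the General section
DEFAULT_X86_DLL_BASE = 0x10000000   # MSVC default ImageBase for 32-bit DLLs

RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+?)"?\s*,\s*(?P<entry>\S+)', re.I)
DUMP_RE = re.compile(
    r"memory/(?P<pid>\d+)-(?P<idx>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp")


def parse_rundll32(cmdline: str) -> Optional[Dict[str, object]]:
    """Split 'rundll32 <dll>,<entry>' into parts; an entry of '#N' is an ordinal."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    dll, entry = m.group("dll"), m.group("entry")
    return {"dll": dll, "entry": entry,
            "by_ordinal": entry.startswith("#"),
            "from_user_temp": "\\appdata\\local\\temp\\" in dll.lower()}


def parse_dump(name: str) -> Dict[str, int]:
    """Decode a memory/<pid>-<idx>-0x<start>-0x<end>-memory.dmp name into numbers."""
    m = DUMP_RE.fullmatch(name)
    if not m:
        raise ValueError(f"unrecognised dump name: {name}")
    start, end = int(m.group("start"), 16), int(m.group("end"), 16)
    return {"pid": int(m.group("pid")), "idx": int(m.group("idx")),
            "start": start, "end": end, "size": end - start}


def wow64_relaunch(proc: Dict[str, object], parent: Optional[Dict[str, object]]) -> bool:
    """True for the hop 64-bit rundll32 makes to its SysWOW64 copy for an x86 DLL."""
    if parent is None:
        return False
    return (str(parent["image"]).lower() == r"c:\windows\system32\rundll32.exe"
            and str(proc["image"]).lower() == r"c:\windows\syswow64\rundll32.exe")


def triage(processes, dumps, disk_size) -> List[Tuple[str, str]]:
    """Return deduplicated (code, detail) findings, sorted by code."""
    by_pid = {p["pid"]: p for p in processes}
    findings: Dict[str, str] = {}

    for p in processes:
        r = parse_rundll32(str(p["cmdline"]))
        if r and r["by_ordinal"]:
            findings.setdefault("RUNDLL32_ORDINAL_EXPORT",
                f"pid {p['pid']} calls export {r['entry']} of {r['dll']} by ordinal; "
                "the entry point name is hidden from command-line review")
        if r and r["from_user_temp"]:
            findings.setdefault("DLL_FROM_USER_TEMP",
                f"{r['dll']} is loaded from %LOCALAPPDATA%\\Temp")
        if wow64_relaunch(p, by_pid.get(p["ppid"])):
            findings.setdefault("WOW64_RELAUNCH",
                f"pid {p['pid']} is the SysWOW64 rundll32 spawned by pid {p['ppid']}: "
                "the DLL is 32-bit, so use 32-bit tooling on the dumps")

    regions = [parse_dump(d) for d in dumps]
    image = [r for r in regions if r["start"] == DEFAULT_X86_DLL_BASE]
    if image:
        mapped = image[0]["size"]
        findings["IMAGE_AT_DEFAULT_BASE"] = (
            f"image mapped at 0x{DEFAULT_X86_DLL_BASE:08x}, the default x86 DLL base, so it "
            "was not relocated; check DllCharacteristics for DYNAMIC_BASE")
        if mapped > 2 * disk_size:   # threshold chosen for this example
            findings["IMAGE_LARGER_THAN_DISK"] = (
                f"in-memory image is {mapped / disk_size:.1f}x the file on disk "
                f"({mapped} vs {disk_size} bytes): sections grow at load time, as a "
                "packed image does; the dumps at this base are the unpack candidates")
    for r in regions:
        if r["start"] != DEFAULT_X86_DLL_BASE:
            findings.setdefault("PAGE_OUTSIDE_IMAGE",
                f"{r['size']} bytes at 0x{r['start']:08x} lie outside the DLL image; "
                f"compare with the module list of pid {r['pid']} before interpreting")
    return sorted(findings.items())


if __name__ == "__main__":
    for code, detail in triage(PROCESSES, DUMPS, DISK_SIZE_BYTES):
        print(f"{code:24} {detail}")
```

Dumps 0 and 1 cover the same 0x196000-byte region at the DLL base, so they are two snapshots of the image; diffing them shows what the packer rewrote between captures, which is where to start before static analysis of a VMProtect-packed sample.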