Overview

overview

7

Static

static

7

Voltage.dll

windows11-21h2-x64

7

Resubmissions

05/08/2024, 09:51

240805-lvgewasfpq 7

05/08/2024, 09:49

240805-ltke5ssfmm 7

Analysis

  • max time kernel
    18s
  • max time network
    22s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    05/08/2024, 09:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Voltage.dll

  • Size

    6.5MB

  • MD5

    6573ce7970405983186828a58288ff53

  • SHA1

    e1c5abfb07a20dfd23d244c69d7ec4c5a880aaf4

  • SHA256

    0d20e777de144bc47062c083bbb8e20c2c504c989ebcc7c97c2833c255a6da48

  • SHA512

    4f0d9ad54a3473a9cc13ab36dcbdf5b423a872a01169e6bddd2821459005dab2fccbe035c2d6146a4836a22a4c9822183c6ed5ab0630b188ed2d5cd753516777

  • SSDEEP

    196608:YN6KheqIwhuvk0dY17DEcWfTVZjpZ6e/a4QSIt/hj:YN6KhekhuvkGOUrTZzy4MZ

Score
7/10
vmprotect

Malware Config

Signatures

  • VMProtect packed file 2 IoCs

    Detects executables packed with VMProtect commercial packer.

    vmprotect
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Voltage.dll,#1
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    PID:1732

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1732-0-0x00007FFA63BEB000-0x00007FFA63F53000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/1732-1-0x00007FFA846D0000-0x00007FFA846D2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1732-2-0x00007FFA846E0000-0x00007FFA846E2000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1732-3-0x00007FFA63780000-0x00007FFA645D2000-memory.dmp

          Filesize

          14.3MB

          Download

        • memory/1732-7-0x00007FFA63BEB000-0x00007FFA63F53000-memory.dmp

          Filesize

          3.4MB

          Download

        • memory/1732-8-0x00007FFA63780000-0x00007FFA645D2000-memory.dmp

          Filesize

          14.3MB

          Download