deb1626d73c7f8fc1412698c8a9263da8281ba273cfd3cf3258860c6b3aa0f2b

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
28-06-2024 03:29

Target

deb1626d73c7f8fc1412698c8a9263da8281ba273cfd3cf3258860c6b3aa0f2b.dll
Size

783KB
MD5

8dae5c22fe178eb618d906b09c976330
SHA1

3931c26e680aaf0884678c9f330ffca824303d99
SHA256

deb1626d73c7f8fc1412698c8a9263da8281ba273cfd3cf3258860c6b3aa0f2b
SHA512

15008553a01df4a24cb0ccdd323c87ef61c275f499d38fd168dec23a5be43190985101e2233b8b8960ed3010d3d7e36226577b8d4b75d08df2d209744ac4b3e6
SSDEEP

24576:d66e11wMPAquD0gCCBnyC+O8Vk4b5dy5F:d66+Pruh36Oj4b5dK

Score

7^/10

VMProtect packed file 6 IoCs

Detects executables packed with VMProtect commercial packer.

Processes:

resource	yara_rule
behavioral1/memory/2256-2-0x0000000001FC0000-0x0000000002189000-memory.dmp	vmprotect
behavioral1/memory/2256-3-0x0000000001FC0000-0x0000000002189000-memory.dmp	vmprotect
behavioral1/memory/2256-1-0x0000000001FC0000-0x0000000002189000-memory.dmp	vmprotect
behavioral1/memory/2256-0-0x0000000001FC0000-0x0000000002189000-memory.dmp	vmprotect
behavioral1/memory/2256-4-0x0000000001FC0000-0x0000000002189000-memory.dmp	vmprotect
behavioral1/memory/2256-5-0x0000000001FC0000-0x0000000002189000-memory.dmp	vmprotect

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1276 wrote to memory of 2256	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 2256	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 2256	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 2256	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 2256	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 2256	1276	rundll32.exe	rundll32.exe
PID 1276 wrote to memory of 2256	1276	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\deb1626d73c7f8fc1412698c8a9263da8281ba273cfd3cf3258860c6b3aa0f2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\deb1626d73c7f8fc1412698c8a9263da8281ba273cfd3cf3258860c6b3aa0f2b.dll,#1
2⤵
PID:2256

memory/2256-2-0x0000000001FC0000-0x0000000002189000-memory.dmp

Filesize
1.8MB

Download
memory/2256-3-0x0000000001FC0000-0x0000000002189000-memory.dmp

Filesize
1.8MB

Download
memory/2256-1-0x0000000001FC0000-0x0000000002189000-memory.dmp

Filesize
1.8MB

Download
memory/2256-0-0x0000000001FC0000-0x0000000002189000-memory.dmp

Filesize
1.8MB

Download
memory/2256-4-0x0000000001FC0000-0x0000000002189000-memory.dmp

Filesize
1.8MB

Download
memory/2256-5-0x0000000001FC0000-0x0000000002189000-memory.dmp

Filesize
1.8MB

Download