Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
12-06-2024 20:04
Static task
static1
Behavioral task
behavioral1
Sample
sample.zip
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
sample.zip
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
data.bin
Resource
win7-20240508-en
Behavioral task
behavioral4
Sample
data.bin
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
g2m.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
g2m.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
install.exe
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
install.exe
Resource
win10v2004-20240611-en
General
-
Target
g2m.dll
-
Size
400KB
-
MD5
9e0c959df25e74c80dfa5adba4eaa5c7
-
SHA1
9c5a3ed851e32617b1b294bb2c749a60988439d1
-
SHA256
d1b14d951ccaafc14ab24992678b2fee915838bbc89a32944833268cbba10f68
-
SHA512
36520d6e61833ce446b4e9f01c065bc08f47e91a3125305c5d0fe27f01f2cc19be59c9b4eacc6f0b8fc74536b718decccc7aa1aac8e9de5e685d1893e10a786a
-
SSDEEP
6144:Nt262Yh8H++Xz5YRa5bfpLECjVllx76r2xaP23O/d120:HIF+8Rx4CJTx76r2xaYOO
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 2188 wrote to memory of 2252 2188 rundll32.exe rundll32.exe PID 2188 wrote to memory of 2252 2188 rundll32.exe rundll32.exe PID 2188 wrote to memory of 2252 2188 rundll32.exe rundll32.exe PID 2188 wrote to memory of 2252 2188 rundll32.exe rundll32.exe PID 2188 wrote to memory of 2252 2188 rundll32.exe rundll32.exe PID 2188 wrote to memory of 2252 2188 rundll32.exe rundll32.exe PID 2188 wrote to memory of 2252 2188 rundll32.exe rundll32.exe