Analysis
max time kernel
194s
max time network
197s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags
arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
submitted
16-06-2024 05:58
Static task
static1
Behavioral task
behavioral1
Sample
Loader-InstallerS(1).zip
Resource
win10-20240611-en
Behavioral task
behavioral2
Sample
3.0/Microsoft.Management.OData.dll
Resource
win10-20240611-en
Behavioral task
behavioral3
Sample
Loader-InstallerS.exe
Resource
win10-20240404-en
Behavioral task
behavioral4
Sample
Management.OData.dll
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
Read it to me.txt
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
System.Management.Automation.dll
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
srmlib.dll
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
wabimp.dll
Resource
win10-20240404-en
General
Target
srmlib.dll
Size
97KB
MD5
f08905d60df43d0852b1174638d27ecf
SHA1
2ded79a654a033c67f074ea954df6adca02cd5cd
SHA256
1d5557349e8c33d1dba85fe52ca02ce216eaf77b1caad81f3fb483f5634bb6e9
SHA512
6c853dc39946b7cb276ea6ce9359b1844ab05b563fc85176c1d36f9ee8152dbc3fc9a3e06effbfb66b80eababf889fc5bf038cdf9c3f7df143016ebc7c7b6c0a
SSDEEP
1536:22wnWFZ2PzARLJirsqyGwvCTp+t7WKo8KJ0mVzB:Rwn6J8sqxw7+jF
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 3816 wrote to memory of 2204 | 3816 | rundll32.exe | rundll32.exe
PID 3816 wrote to memory of 2204 | 3816 | rundll32.exe | rundll32.exe
PID 3816 wrote to memory of 2204 | 3816 | rundll32.exe | rundll32.exe