Analysis
max time kernel: 193s
max time network: 196s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 16-06-2024 05:58
Static task: static1

Behavioral task | Sample | Resource
behavioral1 | Loader-InstallerS(1).zip | win10-20240611-en
behavioral2 | 3.0/Microsoft.Management.OData.dll | win10-20240611-en
behavioral3 | Loader-InstallerS.exe | win10-20240404-en
behavioral4 | Management.OData.dll | win10-20240404-en
behavioral5 | Read it to me.txt | win10-20240404-en
behavioral6 | System.Management.Automation.dll | win10-20240404-en
behavioral7 | srmlib.dll | win10-20240404-en
behavioral8 | wabimp.dll | win10-20240404-en
General
Target: wabimp.dll
Size: 42KB
MD5: fd5791592f821f419276dc41041370f5
SHA1: 529345646ace85659476f487b6c41eb3254edbb0
SHA256: db6b4ed4561e8730fda614ae1d213d5ba452353ac06f3c4bd1d896ea1668fa93
SHA512: 5f92345c676438930b974c6a702e9129f1398477f28c9d320bf94b4626ec564066d32d287f2d28a2b8cdacb5d6d5722910c75b8bf4d59edfc6866242865551c6
SSDEEP: 768:fegDSnBBghmExnQKwYh1uCEkbDLkYleUCIOqaKTsKGDcW:GgDSBBg0ExQKfhb3ST5KoKMc
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe

description | pid | process | target process
PID 608 wrote to memory of 4960 | 608 | rundll32.exe | rundll32.exe
PID 608 wrote to memory of 4960 | 608 | rundll32.exe | rundll32.exe
PID 608 wrote to memory of 4960 | 608 | rundll32.exe | rundll32.exe