Overview
overview  10
Static
static  3
bb2c0f8952...27.exe  windows7-x64  10
bb2c0f8952...27.exe  windows10-2004-x64  10
$PLUGINSDI...ge.dll  windows7-x64  1
$PLUGINSDI...ge.dll  windows10-2004-x64  1
$PLUGINSDI...em.dll  windows7-x64  3
$PLUGINSDI...em.dll  windows10-2004-x64  3
$PLUGINSDI...fo.dll  windows7-x64  3
$PLUGINSDI...fo.dll  windows10-2004-x64  3
Analysis
max time kernel: 117s
max time network: 121s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 28-06-2024 01:43
Static task
static1
Behavioral task
behavioral1
Sample
bb2c0f8952c81ef515102521083091df311b71929dc075a506a93cc5d8855527.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
bb2c0f8952c81ef515102521083091df311b71929dc075a506a93cc5d8855527.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BgImage.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BgImage.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
General
Target: $PLUGINSDIR/BgImage.dll
Size: 7KB
MD5: e9f3051a79f12aed819b91f028a463c1
SHA1: d088868584cdc04d391ec27cd318034a5ce562bc
SHA256: 91b8073e8e67945e14fb10963fc9101fae8c298bd4cd7080b4e47b5bdd4af85c
SHA512: eac1fb48403959dc8a5ed20d8ced83c2276c510a781191c9f850bd3a9214c10c8ae0a4d9159dc3bb08f9686bc62f25dd31cccdcc48f568cc8678012333afe894
SSDEEP: 96:8eKGk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTo4j7J3kWyy/:tKhTJa2roqJyA2EN8diuTVje
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                       pid   process       target process
PID 2956 wrote to memory of 2428  2956  rundll32.exe  rundll32.exe
PID 2956 wrote to memory of 2428  2956  rundll32.exe  rundll32.exe
PID 2956 wrote to memory of 2428  2956  rundll32.exe  rundll32.exe
PID 2956 wrote to memory of 2428  2956  rundll32.exe  rundll32.exe
PID 2956 wrote to memory of 2428  2956  rundll32.exe  rundll32.exe
PID 2956 wrote to memory of 2428  2956  rundll32.exe  rundll32.exe
PID 2956 wrote to memory of 2428  2956  rundll32.exe  rundll32.exe