Analysis
- max time kernel: 140s
- max time network: 148s
- platform: windows10-2004_x64
- resource: win10v2004-20240226-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 28-06-2024 01:43
- Static task static1
- Behavioral task behavioral1: sample bb2c0f8952c81ef515102521083091df311b71929dc075a506a93cc5d8855527.exe, resource win7-20240611-en
- Behavioral task behavioral2: sample bb2c0f8952c81ef515102521083091df311b71929dc075a506a93cc5d8855527.exe, resource win10v2004-20240226-en
- Behavioral task behavioral3: sample $PLUGINSDIR/BgImage.dll, resource win7-20240611-en
- Behavioral task behavioral4: sample $PLUGINSDIR/BgImage.dll, resource win10v2004-20240226-en
- Behavioral task behavioral5: sample $PLUGINSDIR/System.dll, resource win7-20231129-en
- Behavioral task behavioral6: sample $PLUGINSDIR/System.dll, resource win10v2004-20240508-en
- Behavioral task behavioral7: sample $PLUGINSDIR/UserInfo.dll, resource win7-20240221-en
- Behavioral task behavioral8: sample $PLUGINSDIR/UserInfo.dll, resource win10v2004-20240508-en
General
- Target: $PLUGINSDIR/BgImage.dll
- Size: 7KB
- MD5: e9f3051a79f12aed819b91f028a463c1
- SHA1: d088868584cdc04d391ec27cd318034a5ce562bc
- SHA256: 91b8073e8e67945e14fb10963fc9101fae8c298bd4cd7080b4e47b5bdd4af85c
- SHA512: eac1fb48403959dc8a5ed20d8ced83c2276c510a781191c9f850bd3a9214c10c8ae0a4d9159dc3bb08f9686bc62f25dd31cccdcc48f568cc8678012333afe894
- SSDEEP: 96:8eKGk1LFJaO1/radJEaYtv1Zs4lkL8y3A2EN8Cmy3uTo4j7J3kWyy/:tKhTJa2roqJyA2EN8diuTVje
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe

  description                        pid    process        target process
  PID 3176 wrote to memory of 5016   3176   rundll32.exe   rundll32.exe
  PID 3176 wrote to memory of 5016   3176   rundll32.exe   rundll32.exe
  PID 3176 wrote to memory of 5016   3176   rundll32.exe   rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
  Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\BgImage.dll,#1
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  Command line: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4144 --field-trial-handle=3192,i,2785050981002401924,4037047756083432660,262144 --variations-seed-version /prefetch:8