Overview

Task                   Platform             Score
Overview               -                    10
Static                 -                    3
41f3f2ddba...22.exe    windows7-x64         10
41f3f2ddba...22.exe    windows10-2004-x64   7
$PLUGINSDI...qy.dll    windows7-x64         1
$PLUGINSDI...qy.dll    windows10-2004-x64   1
emteyvnnuao.ti         windows7-x64         3
emteyvnnuao.ti         windows10-2004-x64   3
xoxpvgducyg.a          windows7-x64         3
xoxpvgducyg.a          windows10-2004-x64   3

Analysis
max time kernel: 54s
max time network: 63s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-06-2024 20:12
Tasks

Task          Sample                                                                 Resource
static1       (static)                                                               -
behavioral1   41f3f2ddba5d6c64f4052044b5b15126bfdc76a93c69e8fd8c53600231b63422.exe   win7-20240611-en
behavioral2   41f3f2ddba5d6c64f4052044b5b15126bfdc76a93c69e8fd8c53600231b63422.exe   win10v2004-20240611-en
behavioral3   $PLUGINSDIR/zhwzxmwaqy.dll                                             win7-20240611-en
behavioral4   $PLUGINSDIR/zhwzxmwaqy.dll                                             win10v2004-20240508-en
behavioral5   emteyvnnuao.ti                                                         win7-20240611-en
behavioral6   emteyvnnuao.ti                                                         win10v2004-20240508-en
behavioral7   xoxpvgducyg.a                                                          win7-20240221-en
behavioral8   xoxpvgducyg.a                                                          win10v2004-20240508-en
General

Target: $PLUGINSDIR/zhwzxmwaqy.dll
Size: 11KB
MD5: 6165588ec3553b2fa1f761c423d5fe09
SHA1: 558f27f32c70441f53a16847437eca0aa37418dc
SHA256: ad9c380477cf715de73690f9b332dd77eb13cea4d960381fab6043c1a4eea787
SHA512: 94cfe4e303a1c45b2e13e43c918f223b1829e755b3cc213fca450fa51d74390e0a59d88fbdfc22430111667f015f1c8f8d3b8f1704f0ad1106254781e4eb498f
SSDEEP: 192:y5n4z5TxDVI+aRtFDP+qfaSddz0rCt3fc5B1Q1aJo:yV4zmXPDiSddgHi
Malware Config

Signatures

Suspicious use of WriteProcessMemory (3 IoCs)

Processes:
description                        pid    process        target process
PID 4412 wrote to memory of 516    4412   rundll32.exe   rundll32.exe
PID 4412 wrote to memory of 516    4412   rundll32.exe   rundll32.exe
PID 4412 wrote to memory of 516    4412   rundll32.exe   rundll32.exe
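All three rows above describe the same writer and target (PID 4412 into PID 516, both rundll32.exe), so the "3 IoCs" count reflects three observed WriteProcessMemory calls rather than three distinct targets. The report records only that the write happened, not what was written; a cross-process write into a second instance of a host binary such as rundll32.exe is the precursor step of most injection techniques, which is why sandboxes flag it. The following is an added example, not code from the sandbox or from the page: it parses rows in the layout shown above (description, pid, process, target process), collapses repeats, and flags cross-process writes whose target is a commonly abused Windows host binary. The input is constructed from the three rows above; the list of host binaries is an assumption for illustration.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed input: the three rows of the "Suspicious use of WriteProcessMemory"
# signature from the report above, one event per line.
SAMPLE_EVENTS = """\
PID 4412 wrote to memory of 516 4412 rundll32.exe rundll32.exe
PID 4412 wrote to memory of 516 4412 rundll32.exe rundll32.exe
PID 4412 wrote to memory of 516 4412 rundll32.exe rundll32.exe
"""

# One row as the sandbox renders it: description, pid, process, target process.
_ROW = re.compile(
    r"^PID (?P<src>\d+) wrote to memory of (?P<dst>\d+)\s+"
    r"(?P<pid>\d+)\s+(?P<proc>\S+)\s+(?P<target>\S+)$"
)

# Assumed list of Windows binaries that are frequently used to host foreign code.
HOST_BINARIES = {"rundll32.exe", "regsvr32.exe", "svchost.exe", "explorer.exe", "mshta.exe"}

Event = Dict[str, object]
Key = Tuple[int, str, int, str]


def parse_events(text: str) -> List[Event]:
    """Turn signature rows into structured (writer pid/image, target pid/image) events."""
    events: List[Event] = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _ROW.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {line!r}")
        # The description and the pid column both name the writer; they must agree.
        if m["src"] != m["pid"]:
            raise ValueError(f"writer pid mismatch in row: {line!r}")
        events.append({
            "src_pid": int(m["src"]),
            "src_image": m["proc"],
            "dst_pid": int(m["dst"]),
            "dst_image": m["target"],
        })
    return events


def summarize(events: List[Event]) -> Dict[Key, int]:
    """Collapse identical writer->target pairs, keeping how often each was observed."""
    return Counter(
        (e["src_pid"], e["src_image"], e["dst_pid"], e["dst_image"]) for e in events
    )


def suspicious_writes(events: List[Event]) -> List[Event]:
    """Unique cross-process writes whose target is an abused host binary.

    Writes into the writer's own pid are ignored: they are not injection.
    A write into a second instance of the writer's own image is noted separately,
    since that is the shape of the rundll32 -> rundll32 event in the report.
    """
    flagged: List[Event] = []
    for (src_pid, src_image, dst_pid, dst_image), count in summarize(events).items():
        if src_pid == dst_pid:
            continue
        if dst_image.lower() not in HOST_BINARIES:
            continue
        reason = "write into host binary"
        if src_image.lower() == dst_image.lower():
            reason = "write into second instance of own image"
        flagged.append({
            "src_pid": src_pid,
            "src_image": src_image,
            "dst_pid": dst_pid,
            "dst_image": dst_image,
            "count": count,
            "reason": reason,
        })
    return flagged


if __name__ == "__main__":
    for hit in suspicious_writes(parse_events(SAMPLE_EVENTS)):
        print(hit)
```

Run against the rows above this yields a single flagged pair, PID 4412 into PID 516, observed three times. Confirming what was written (a DLL path, shellcode, or a hollowed image) needs the sandbox's API call arguments or a memory dump of PID 516, neither of which this summary page provides.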