Overview
overview: 10
Static
static: 3
P0-ADFUK.bat.exe (windows7-x64): 10
P0-ADFUK.bat.exe (windows10-2004-x64): 10
$PLUGINSDI...ge.dll (windows7-x64): 1
$PLUGINSDI...ge.dll (windows10-2004-x64): 1
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...fo.dll (windows7-x64): 3
$PLUGINSDI...fo.dll (windows10-2004-x64): 3
$PLUGINSDI...ec.dll (windows7-x64): 3
$PLUGINSDI...ec.dll (windows10-2004-x64): 3
Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 01-07-2024 05:58
Static task: static1
Behavioral task: behavioral1 | Sample: P0-ADFUK.bat.exe | Resource: win7-20240419-en
Behavioral task: behavioral2 | Sample: P0-ADFUK.bat.exe | Resource: win10v2004-20240508-en
Behavioral task: behavioral3 | Sample: $PLUGINSDIR/BgImage.dll | Resource: win7-20240508-en
Behavioral task: behavioral4 | Sample: $PLUGINSDIR/BgImage.dll | Resource: win10v2004-20240508-en
Behavioral task: behavioral5 | Sample: $PLUGINSDIR/System.dll | Resource: win7-20240611-en
Behavioral task: behavioral6 | Sample: $PLUGINSDIR/System.dll | Resource: win10v2004-20240611-en
Behavioral task: behavioral7 | Sample: $PLUGINSDIR/UserInfo.dll | Resource: win7-20240611-en
Behavioral task: behavioral8 | Sample: $PLUGINSDIR/UserInfo.dll | Resource: win10v2004-20240226-en
Behavioral task: behavioral9 | Sample: $PLUGINSDIR/nsExec.dll | Resource: win7-20240611-en
Behavioral task: behavioral10 | Sample: $PLUGINSDIR/nsExec.dll | Resource: win10v2004-20240611-en
General
Target: $PLUGINSDIR/BgImage.dll
Size: 7KB
MD5: 2d5f40ddc34e9dc8f43b5bf1f61301e3
SHA1: 5ed3cd47affc4d55750e738581fce2b40158c825
SHA256: 785944e57e8e4971f46f84a07d82dee2ab4e14a68543d83bfe7be7d5cda83143
SHA512: 605cebcc480cb71ba8241782d89e030a5c01e1359accbde174cb6bdaf249167347ecb06e3781cb9b1cc4b465cef95f1663f0d9766ed84ebade87aa3970765b3e
SSDEEP: 96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkLnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmyLpmP
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
rundll32.exe
description | pid | process | target process
PID 2280 wrote to memory of 2264 | 2280 | rundll32.exe | rundll32.exe
PID 2280 wrote to memory of 2264 | 2280 | rundll32.exe | rundll32.exe
PID 2280 wrote to memory of 2264 | 2280 | rundll32.exe | rundll32.exe
PID 2280 wrote to memory of 2264 | 2280 | rundll32.exe | rundll32.exe
PID 2280 wrote to memory of 2264 | 2280 | rundll32.exe | rundll32.exe
PID 2280 wrote to memory of 2264 | 2280 | rundll32.exe | rundll32.exe
PID 2280 wrote to memory of 2264 | 2280 | rundll32.exe | rundll32.exe