Overview
overview: 10
Static
static: 3
004552024107.bat.exe (windows7-x64): 10
004552024107.bat.exe (windows10-2004-x64): 10
$PLUGINSDI...ge.dll (windows7-x64): 1
$PLUGINSDI...ge.dll (windows10-2004-x64): 1
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...fo.dll (windows7-x64): 3
$PLUGINSDI...fo.dll (windows10-2004-x64): 3
$PLUGINSDI...ec.dll (windows7-x64): 3
$PLUGINSDI...ec.dll (windows10-2004-x64): 3
Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240611-en
resource tags: arch:x64, arch:x86, image:win7-20240611-en, locale:en-us, os:windows7-x64, system
submitted: 01-07-2024 09:59
Static task: static1
Behavioral task: behavioral1, Sample: 004552024107.bat.exe, Resource: win7-20240508-en
Behavioral task: behavioral2, Sample: 004552024107.bat.exe, Resource: win10v2004-20240508-en
Behavioral task: behavioral3, Sample: $PLUGINSDIR/BgImage.dll, Resource: win7-20240611-en
Behavioral task: behavioral4, Sample: $PLUGINSDIR/BgImage.dll, Resource: win10v2004-20240611-en
Behavioral task: behavioral5, Sample: $PLUGINSDIR/System.dll, Resource: win7-20231129-en
Behavioral task: behavioral6, Sample: $PLUGINSDIR/System.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral7, Sample: $PLUGINSDIR/UserInfo.dll, Resource: win7-20240220-en
Behavioral task: behavioral8, Sample: $PLUGINSDIR/UserInfo.dll, Resource: win10v2004-20240508-en
Behavioral task: behavioral9, Sample: $PLUGINSDIR/nsExec.dll, Resource: win7-20240508-en
Behavioral task: behavioral10, Sample: $PLUGINSDIR/nsExec.dll, Resource: win10v2004-20240611-en
General
Target: $PLUGINSDIR/BgImage.dll
Size: 7KB
MD5: 2d5f40ddc34e9dc8f43b5bf1f61301e3
SHA1: 5ed3cd47affc4d55750e738581fce2b40158c825
SHA256: 785944e57e8e4971f46f84a07d82dee2ab4e14a68543d83bfe7be7d5cda83143
SHA512: 605cebcc480cb71ba8241782d89e030a5c01e1359accbde174cb6bdaf249167347ecb06e3781cb9b1cc4b465cef95f1663f0d9766ed84ebade87aa3970765b3e
SSDEEP: 96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkLnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmyLpmP
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe

description                        pid    process        target process
PID 1832 wrote to memory of 1912   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1912   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1912   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1912   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1912   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1912   1832   rundll32.exe   rundll32.exe
PID 1832 wrote to memory of 1912   1832   rundll32.exe   rundll32.exe