Overview
overview: 10

Static
static: 3

29e1467e97...16.exe (windows7-x64): 7
29e1467e97...16.exe (windows10-2004-x64): 10
$PLUGINSDI...er.dll (windows7-x64): 1
$PLUGINSDI...er.dll (windows10-2004-x64): 1
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...fo.dll (windows7-x64): 3
$PLUGINSDI...fo.dll (windows10-2004-x64): 3
$PLUGINSDI...gs.dll (windows7-x64): 3
$PLUGINSDI...gs.dll (windows10-2004-x64): 3
$PLUGINSDI...ec.dll (windows7-x64): 3
$PLUGINSDI...ec.dll (windows10-2004-x64): 3

Analysis
max time kernel: 147s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-07-2024 13:38

Static task: static1

Behavioral tasks (task | sample | resource):
behavioral1 | 29e1467e979c85abfbdd3da6b09e6c16.exe | win7-20240508-en
behavioral2 | 29e1467e979c85abfbdd3da6b09e6c16.exe | win10v2004-20240611-en
behavioral3 | $PLUGINSDIR/Banner.dll | win7-20240220-en
behavioral4 | $PLUGINSDIR/Banner.dll | win10v2004-20240508-en
behavioral5 | $PLUGINSDIR/System.dll | win7-20240508-en
behavioral6 | $PLUGINSDIR/System.dll | win10v2004-20240508-en
behavioral7 | $PLUGINSDIR/UserInfo.dll | win7-20240419-en
behavioral8 | $PLUGINSDIR/UserInfo.dll | win10v2004-20240611-en
behavioral9 | $PLUGINSDIR/nsDialogs.dll | win7-20231129-en
behavioral10 | $PLUGINSDIR/nsDialogs.dll | win10v2004-20240611-en
behavioral11 | $PLUGINSDIR/nsExec.dll | win7-20240611-en
behavioral12 | $PLUGINSDIR/nsExec.dll | win10v2004-20240611-en

General
Target: $PLUGINSDIR/Banner.dll
Size: 3KB
MD5: 71eab837b047124129461cb97f39745b
SHA1: 6af00ad38ee73303b39970c96859ab6fe7cae584
SHA256: 46cbb2797870de12aaac717da5c9bb9e2fab20d42e562d6c3925865caea2e81b
SHA512: 66aa810dc1cd6e8e45ddd62ac88a4999b1b9a3c61aded5054ac8374d2ef5403021fa6bb104eb75c1f6ff4fdde5bc026f00c83dcb166febaaa47bebae0366276e

Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 4244 wrote to memory of 3004 | 4244 | rundll32.exe | rundll32.exe
PID 4244 wrote to memory of 3004 | 4244 | rundll32.exe | rundll32.exe
PID 4244 wrote to memory of 3004 | 4244 | rundll32.exe | rundll32.exe