Analysis
- max time kernel: 133s
- max time network: 143s
- platform: windows10-2004_x64
- resource: win10v2004-20240611-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-07-2024 02:14
Static task
- static1

Behavioral tasks
- behavioral1: Sample f8f3812fda1d0d0d729de1e37d310a66df34b8e638dcb5da4ca2605dbb4db57e.exe; Resource win7-20240611-en
- behavioral2: Sample f8f3812fda1d0d0d729de1e37d310a66df34b8e638dcb5da4ca2605dbb4db57e.exe; Resource win10v2004-20240611-en
- behavioral3: Sample $PLUGINSDIR/BgImage.dll; Resource win7-20231129-en
- behavioral4: Sample $PLUGINSDIR/BgImage.dll; Resource win10v2004-20240611-en
- behavioral5: Sample $PLUGINSDIR/System.dll; Resource win7-20240508-en
- behavioral6: Sample $PLUGINSDIR/System.dll; Resource win10v2004-20240611-en
- behavioral7: Sample $PLUGINSDIR/UserInfo.dll; Resource win7-20240611-en
- behavioral8: Sample $PLUGINSDIR/UserInfo.dll; Resource win10v2004-20240611-en
- behavioral9: Sample $PLUGINSDIR/nsExec.dll; Resource win7-20240611-en
- behavioral10: Sample $PLUGINSDIR/nsExec.dll; Resource win10v2004-20240508-en
General
- Target: $PLUGINSDIR/BgImage.dll
- Size: 7KB
- MD5: 2d5f40ddc34e9dc8f43b5bf1f61301e3
- SHA1: 5ed3cd47affc4d55750e738581fce2b40158c825
- SHA256: 785944e57e8e4971f46f84a07d82dee2ab4e14a68543d83bfe7be7d5cda83143
- SHA512: 605cebcc480cb71ba8241782d89e030a5c01e1359accbde174cb6bdaf249167347ecb06e3781cb9b1cc4b465cef95f1663f0d9766ed84ebade87aa3970765b3e
- SSDEEP: 96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkLnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmyLpmP
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 556 wrote to memory of 4696 | 556 | rundll32.exe | rundll32.exe
  PID 556 wrote to memory of 4696 | 556 | rundll32.exe | rundll32.exe
  PID 556 wrote to memory of 4696 | 556 | rundll32.exe | rundll32.exe