Overview
overview
10Static
static
3f321c2bed7...3b.exe
windows7-x64
10f321c2bed7...3b.exe
windows10-2004-x64
10$PLUGINSDI...ge.dll
windows7-x64
1$PLUGINSDI...ge.dll
windows10-2004-x64
1$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3Analysis
-
max time kernel
117s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
02-07-2024 02:13
Static task
static1
Behavioral task
behavioral1
Sample
f321c2bed7f29e767bbbf1fb11f6fd64e41e5fe45b3fef084198583a20f9533b.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
f321c2bed7f29e767bbbf1fb11f6fd64e41e5fe45b3fef084198583a20f9533b.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/BgImage.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/BgImage.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20231129-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240220-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
General
-
Target
$PLUGINSDIR/BgImage.dll
-
Size
7KB
-
MD5
2d5f40ddc34e9dc8f43b5bf1f61301e3
-
SHA1
5ed3cd47affc4d55750e738581fce2b40158c825
-
SHA256
785944e57e8e4971f46f84a07d82dee2ab4e14a68543d83bfe7be7d5cda83143
-
SHA512
605cebcc480cb71ba8241782d89e030a5c01e1359accbde174cb6bdaf249167347ecb06e3781cb9b1cc4b465cef95f1663f0d9766ed84ebade87aa3970765b3e
-
SSDEEP
96:8eQMA6z4f7TI20Y1wircawlkX1b3+LDfbAJ8uLzqkLnLiEQjJ3KxkP:tChfHv08wocw3+e8uLmyLpmP
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 1968 wrote to memory of 1748 1968 rundll32.exe rundll32.exe PID 1968 wrote to memory of 1748 1968 rundll32.exe rundll32.exe PID 1968 wrote to memory of 1748 1968 rundll32.exe rundll32.exe PID 1968 wrote to memory of 1748 1968 rundll32.exe rundll32.exe PID 1968 wrote to memory of 1748 1968 rundll32.exe rundll32.exe PID 1968 wrote to memory of 1748 1968 rundll32.exe rundll32.exe PID 1968 wrote to memory of 1748 1968 rundll32.exe rundll32.exe