Overview
overview
10Static
static
107zS8A52FD1...f3.exe
windows7_x64
87zS8A52FD1...f3.exe
windows10-2004_x64
87zS8A52FD1...62.exe
windows7_x64
77zS8A52FD1...62.exe
windows10-2004_x64
77zS8A52FD1...9a.exe
windows7_x64
107zS8A52FD1...9a.exe
windows10-2004_x64
107zS8A52FD1...8a.exe
windows7_x64
107zS8A52FD1...8a.exe
windows10-2004_x64
107zS8A52FD1...f5.exe
windows7_x64
17zS8A52FD1...f5.exe
windows10-2004_x64
17zS8A52FD1...68.exe
windows7_x64
77zS8A52FD1...68.exe
windows10-2004_x64
77zS8A52FD1...41.exe
windows7_x64
77zS8A52FD1...41.exe
windows10-2004_x64
77zS8A52FD1...cd.exe
windows7_x64
87zS8A52FD1...cd.exe
windows10-2004_x64
87zS8A52FD1...71.exe
windows7_x64
57zS8A52FD1...71.exe
windows10-2004_x64
57zS8A52FD1...9c.exe
windows7_x64
107zS8A52FD1...9c.exe
windows10-2004_x64
107zS8A52FD1...0d.exe
windows7_x64
17zS8A52FD1...0d.exe
windows10-2004_x64
17zS8A52FD1...ff.exe
windows7_x64
107zS8A52FD1...ff.exe
windows10-2004_x64
107zS8A52FD1...68.exe
windows7_x64
107zS8A52FD1...68.exe
windows10-2004_x64
107zS8A52FD1...-1.dll
windows7_x64
37zS8A52FD1...-1.dll
windows10-2004_x64
37zS8A52FD1...-6.dll
windows7_x64
37zS8A52FD1...-6.dll
windows10-2004_x64
37zS8A52FD1...-1.dll
windows7_x64
17zS8A52FD1...-1.dll
windows10-2004_x64
1Analysis
-
max time kernel
150s -
max time network
188s -
platform
windows10-2004_x64 -
resource
win10v2004-20220414-en -
submitted
09-06-2022 14:12
Behavioral task
behavioral1
Sample
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
7zS8A52FD1B/62a1ea227dc1c_17ee33ef3.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
7zS8A52FD1B/62a1ea23342ae_c77562.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
7zS8A52FD1B/62a1ea23342ae_c77562.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
7zS8A52FD1B/62a1ea23da745_6e68c9a.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
7zS8A52FD1B/62a1ea243386e_a4f8a5d8a.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
7zS8A52FD1B/62a1ea2501f48_0371f5.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral11
Sample
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
Resource
win7-20220414-en
Behavioral task
behavioral12
Sample
7zS8A52FD1B/62a1ea2a20759_b7a66dc968.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral13
Sample
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
Resource
win7-20220414-en
Behavioral task
behavioral14
Sample
7zS8A52FD1B/62a1ea2b65292_c4804f5141.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral15
Sample
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
Resource
win7-20220414-en
Behavioral task
behavioral16
Sample
7zS8A52FD1B/62a1ea2d09364_3056ccd.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral17
Sample
7zS8A52FD1B/62a1ea2df066e_add786971.exe
Resource
win7-20220414-en
Behavioral task
behavioral18
Sample
7zS8A52FD1B/62a1ea2df066e_add786971.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral19
Sample
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
Resource
win7-20220414-en
Behavioral task
behavioral20
Sample
7zS8A52FD1B/62a1ea2f0beee_36a9ec29c.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral21
Sample
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
Resource
win7-20220414-en
Behavioral task
behavioral22
Sample
7zS8A52FD1B/62a1ea2fb0309_1d35870d.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral23
Sample
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
Resource
win7-20220414-en
Behavioral task
behavioral24
Sample
7zS8A52FD1B/62a1ea319013f_e64e1ff.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral25
Sample
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
Resource
win7-20220414-en
Behavioral task
behavioral26
Sample
7zS8A52FD1B/62a1ea3215fd5_67a668.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral27
Sample
7zS8A52FD1B/libgcc_s_dw2-1.dll
Resource
win7-20220414-en
Behavioral task
behavioral28
Sample
7zS8A52FD1B/libgcc_s_dw2-1.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral29
Sample
7zS8A52FD1B/libstdc++-6.dll
Resource
win7-20220414-en
Behavioral task
behavioral30
Sample
7zS8A52FD1B/libstdc++-6.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral31
Sample
7zS8A52FD1B/libwinpthread-1.dll
Resource
win7-20220414-en
Behavioral task
behavioral32
Sample
7zS8A52FD1B/libwinpthread-1.dll
Resource
win10v2004-20220414-en
General
-
Target
7zS8A52FD1B/libwinpthread-1.dll
-
Size
69KB
-
MD5
1e0d62c34ff2e649ebc5c372065732ee
-
SHA1
fcfaa36ba456159b26140a43e80fbd7e9d9af2de
-
SHA256
509cb1d1443b623a02562ac760bced540e327c65157ffa938a22f75e38155723
-
SHA512
3653f8ed8ad3476632f731a3e76c6aae97898e4bf14f70007c93e53bc443906835be29f861c4a123db5b11e0f3dd5013b2b3833469a062060825df9ee708dc61
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 1612 wrote to memory of 1912 1612 rundll32.exe rundll32.exe PID 1612 wrote to memory of 1912 1612 rundll32.exe rundll32.exe PID 1612 wrote to memory of 1912 1612 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7zS8A52FD1B\libwinpthread-1.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\7zS8A52FD1B\libwinpthread-1.dll,#12⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1912-130-0x0000000000000000-mapping.dmp