Analysis
- max time kernel: 1611s
- max time network: 1615s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 05-07-2022 04:03
Static task: static1
Behavioral task: behavioral1
- Sample: CF AL CHEATS 2K18/BugTrap.dll
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: CF AL CHEATS 2K18/BugTrap.dll
- Resource: win10v2004-20220414-en
Behavioral task: behavioral3
- Sample: CF AL CHEATS 2K18/CF AL CHEATS.exe
- Resource: win7-20220414-en
Behavioral task: behavioral4
- Sample: CF AL CHEATS 2K18/CF AL CHEATS.exe
- Resource: win10v2004-20220414-en
General
- Target: CF AL CHEATS 2K18/BugTrap.dll
- Size: 247KB
- MD5: b2c2fbcfa93775fc1dfcd7edc8725263
- SHA1: 2b351f25aed5498e1a176cf1078c001950e6eed6
- SHA256: b0f5173f6e30ba6463111d8c372b9fdc51e46a8f017165b68499931d1e889ff7
- SHA512: 7ecf32c18f2ea8fd01e040c20fbf561e78e2fba1bcb34b26377a85ddf32fb30d73f71e1d0f58146918bdd1fd9bf1b59b7e75582c392930c51660a4bc2c0a99cf
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1756 wrote to memory of 1752 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1752 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1752 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1752 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1752 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1752 | 1756 | rundll32.exe | rundll32.exe
PID 1756 wrote to memory of 1752 | 1756 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CF AL CHEATS 2K18\BugTrap.dll",#1
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\CF AL CHEATS 2K18\BugTrap.dll",#1