Analysis
max time kernel: 44s
max time network: 48s
platform: windows7_x64
resource: win7-20220414-en
submitted: 12-07-2022 13:01
Static task
static1
Behavioral task
behavioral1
Sample
Plugins/CmdBar.dll
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Plugins/CmdBar.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
betab.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
betab.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
ioncube_loader_lin_5.4.so
Resource
ubuntu1804-amd64-en-20211208
General
Target: Plugins/CmdBar.dll
Size: 63KB
MD5: 6c7ba28fd1aacd8c4f5c46f76b855199
SHA1: c908a3763dda6ed0bc59a3030e080852a15fc6ec
SHA256: f9cf91a8c49149c7b05f61185a869af9878a73a19905bad07fa7ac83fe4ed46e
SHA512: 25854d739fdb61a925f4a2f97f01201c10f1d2286239a0d291a6c1003404d50f43934399cab7d2dc338c43b10eca7f937c4bcd047e279b474909689a83f5405c
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe
description                        pid    process        target process
PID 1600 wrote to memory of 908    1600   rundll32.exe   rundll32.exe
PID 1600 wrote to memory of 908    1600   rundll32.exe   rundll32.exe
PID 1600 wrote to memory of 908    1600   rundll32.exe   rundll32.exe
PID 1600 wrote to memory of 908    1600   rundll32.exe   rundll32.exe
PID 1600 wrote to memory of 908    1600   rundll32.exe   rundll32.exe
PID 1600 wrote to memory of 908    1600   rundll32.exe   rundll32.exe
PID 1600 wrote to memory of 908    1600   rundll32.exe   rundll32.exe