Overview
Analysis
- max time kernel: 64s
- max time network: 145s
- platform: windows10-2004_x64
- resource: win10v2004-20220812-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 23-10-2022 10:13
Behavioral tasks
- behavioral1: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win7-20220901-en
- behavioral2: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win10v2004-20220812-en
- behavioral3: sample iUjs]pƹuΫ X-Mouse Button Control K��.exe, resource win7-20220812-en
- behavioral4: sample iUjs]pƹuΫ X-Mouse Button Control K��.exe, resource win10v2004-20220812-en
- behavioral5: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win7-20220901-en
- behavioral6: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win10v2004-20220812-en
- behavioral7: sample iUjs]pƹuΫ X-Mouse Button Control K��.url, resource win7-20220812-en
- behavioral8: sample iUjs]pƹuΫ X-Mouse Button Control K��.url, resource win10v2004-20220812-en
- behavioral9: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win7-20220901-en
- behavioral10: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win10v2004-20220812-en
- behavioral11: sample iUjs]pƹuΫ X-Mouse Button Control K��.exe, resource win7-20220812-en
- behavioral12: sample iUjs]pƹuΫ X-Mouse Button Control K��.exe, resource win10v2004-20220812-en
- behavioral13: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win7-20220901-en
- behavioral14: sample iUjs]pƹuΫ X-Mouse Button Control K��.dll, resource win10v2004-20220812-en
- behavioral15: sample iUjs]pƹuΫ X-Mouse Button Control K��.url, resource win7-20220812-en
- behavioral16: sample iUjs]pƹuΫ X-Mouse Button Control K��.url, resource win10v2004-20220901-en
- behavioral17: sample iUjs]pƹuΫ X-Mouse Button Control K��.pdf, resource win7-20220812-en
- behavioral18: sample iUjs]pƹuΫ X-Mouse Button Control K��.pdf, resource win10v2004-20220812-en
- behavioral19: sample iUjs]pƹuΫ X-Mouse Button Control K��.url, resource win7-20220812-en
- behavioral20: sample iUjs]pƹuΫ X-Mouse Button Control K��.url, resource win10v2004-20220901-en
General
- Target: iUjs]pƹuΫ X-Mouse Button Control K��.dll
- Size: 364KB
- MD5: 61c5b19137499097252b3ff045f58c51
- SHA1: a6e09564da5610b42f291d10ea414e4b79b5731d
- SHA256: cb2a47787fcda96511a434e82a07a7be03fb7733667dc1a5975b5226730565c5
- SHA512: b2379c840887a4cf3c7cc98cfd1497f1d39eacb66077e4a49a55a6e2a91dc5fc068ef3feb5d59feb6717edc7c65610be49d2c07845dd4ee24e445a66fa509ef7
- SSDEEP: 6144:4v+VkJpn893Q9eg3rX9FudjTLNjGGtOCi5TBObX:4vfJp8pQ9eg3rX9FudjxqTk
Malware Config
Signatures

Checks processor information in registry (2 TTPs, 8 IoCs)
Processor information is often read in order to detect sandboxing environments.
Processes (description, IoC, process):
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (rundll32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier (rundll32.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 (rundll32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz (rundll32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString (rundll32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\Identifier (rundll32.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (rundll32.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz (rundll32.exe)

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes (pid, process):
- 1360 rundll32.exe
- 1360 rundll32.exe

Suspicious use of AdjustPrivilegeToken (21 IoCs)
Processes (description, pid, process):
- Token: SeIncreaseQuotaPrivilege, 1360 rundll32.exe
- Token: SeSecurityPrivilege, 1360 rundll32.exe
- Token: SeTakeOwnershipPrivilege, 1360 rundll32.exe
- Token: SeLoadDriverPrivilege, 1360 rundll32.exe
- Token: SeSystemProfilePrivilege, 1360 rundll32.exe
- Token: SeSystemtimePrivilege, 1360 rundll32.exe
- Token: SeProfSingleProcessPrivilege, 1360 rundll32.exe
- Token: SeIncBasePriorityPrivilege, 1360 rundll32.exe
- Token: SeCreatePagefilePrivilege, 1360 rundll32.exe
- Token: SeBackupPrivilege, 1360 rundll32.exe
- Token: SeRestorePrivilege, 1360 rundll32.exe
- Token: SeShutdownPrivilege, 1360 rundll32.exe
- Token: SeDebugPrivilege, 1360 rundll32.exe
- Token: SeSystemEnvironmentPrivilege, 1360 rundll32.exe
- Token: SeRemoteShutdownPrivilege, 1360 rundll32.exe
- Token: SeUndockPrivilege, 1360 rundll32.exe
- Token: SeManageVolumePrivilege, 1360 rundll32.exe
- Token: 33, 1360 rundll32.exe
- Token: 34, 1360 rundll32.exe
- Token: 35, 1360 rundll32.exe
- Token: 36, 1360 rundll32.exe