Overview (overview): score 10
Static (static): score 5
Setup.exe, windows7-x64: score 10
Setup.exe, windows10-2004-x64: score 10
cracked dl...ib.dll, windows7-x64: score 1
cracked dl...ib.dll, windows10-2004-x64: score 3
dll data/BRD.dll, windows7-x64: score 5
dll data/BRD.dll, windows10-2004-x64: score 5
dll data/D...es.dll, windows7-x64: score 5
dll data/D...es.dll, windows10-2004-x64: score 5
resources/PIM.dll, windows7-x64: score 5
resources/PIM.dll, windows10-2004-x64: score 3
resources/...ry.dll, windows7-x64: score 3
resources/...ry.dll, windows10-2004-x64: score 3
Analysis
max time kernel: 0s
platform: windows7_x64
resource: win7-20220812-en
resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
submitted: 24-10-2022 07:52
Static task: static1
Behavioral task: behavioral1 | Sample: Setup.exe | Resource: win7-20220812-en
Behavioral task: behavioral2 | Sample: Setup.exe | Resource: win10v2004-20220812-en
Behavioral task: behavioral3 | Sample: cracked dll/amtlib.dll | Resource: win7-20220812-en
Behavioral task: behavioral4 | Sample: cracked dll/amtlib.dll | Resource: win10v2004-20220901-en
Behavioral task: behavioral5 | Sample: dll data/BRD.dll | Resource: win7-20220812-en
Behavioral task: behavioral6 | Sample: dll data/BRD.dll | Resource: win10v2004-20220812-en
Behavioral task: behavioral7 | Sample: dll data/DTCommonRes.dll | Resource: win7-20220901-en
Behavioral task: behavioral8 | Sample: dll data/DTCommonRes.dll | Resource: win10v2004-20220812-en
Behavioral task: behavioral9 | Sample: resources/PIM.dll | Resource: win7-20220812-en
Behavioral task: behavioral10 | Sample: resources/PIM.dll | Resource: win10v2004-20220812-en
Behavioral task: behavioral11 | Sample: resources/updaterinventory.dll | Resource: win7-20220901-en
Behavioral task: behavioral12 | Sample: resources/updaterinventory.dll | Resource: win10v2004-20220812-en
General
Target: cracked dll/amtlib.dll
Size: 1.7MB
MD5: 69a95e60a3231cf5ff6715a32e98aa17
SHA1: 95998a498a8aa91c4cf7ccb23fc5cfec526e82fd
SHA256: e560e1b25778fa669d8d4960e2a6a847cd0a4aa5d1042527f1a4998891b37d5f
SHA512: a248b203bacb0c4ecaab2ad8961103b5115c6195e62000e6ec1a531d142c2a58cd8135d5789442b37634e51cfd15734f2049372ebfe870ad9575da2a792dcec6
SSDEEP: 49152:pCWDqQIXuvGZsenvmuhrj/oOqja4LT3Ibdycl7xtGsu7W:EZsevmuZQOqm4gTl7xtP
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 900 wrote to memory of 780 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 780 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 780 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 780 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 780 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 780 | 900 | rundll32.exe | rundll32.exe
PID 900 wrote to memory of 780 | 900 | rundll32.exe | rundll32.exe