Overview
8
Static
8
ybtbbfz/libeay32.dll
windows7-x64
1
ybtbbfz/libeay32.dll
windows10-2004-x64
1
ybtbbfz/ssleay32.dll
windows7-x64
1
ybtbbfz/ssleay32.dll
windows10-2004-x64
1
ybtbbfz/�...��.exe
windows7-x64
8
ybtbbfz/�...��.exe
windows10-2004-x64
8
ybtbbfz/�...om.url
windows7-x64
1
ybtbbfz/�...om.url
windows10-2004-x64
1
Analysis
max time kernel
35s
max time network
41s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
25-11-2022 22:11
Behavioral task
behavioral1
Sample
ybtbbfz/libeay32.dll
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
ybtbbfz/libeay32.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral3
Sample
ybtbbfz/ssleay32.dll
Resource
win7-20220812-en
Behavioral task
behavioral4
Sample
ybtbbfz/ssleay32.dll
Resource
win10v2004-20220812-en
Behavioral task
behavioral5
Sample
ybtbbfz/友邦店铺宝贝下载专家.exe
Resource
win7-20220901-en
Behavioral task
behavioral6
Sample
ybtbbfz/友邦店铺宝贝下载专家.exe
Resource
win10v2004-20221111-en
Behavioral task
behavioral7
Sample
ybtbbfz/河源下载站-xz7.com.url
Resource
win7-20221111-en
Behavioral task
behavioral8
Sample
ybtbbfz/河源下载站-xz7.com.url
Resource
win10v2004-20221111-en
General
Target
ybtbbfz/ssleay32.dll
Size
305KB
MD5
5160c01c27902af4a101ad40f3806b2d
SHA1
15dcc5cd89cef5b5c7279945ff755cb048d2a3aa
SHA256
7758cea6ce6d26c20ffec118793d8aa46ea3e10540974169eb2f5fe55cd59d15
SHA512
0265f379078b853640845852e481a4db85975da03b49091498a669afaeecdc690e601c46ab3ff50bd30f0b68360104cfb9c87e080f163bbda1d4436268d383cd
SSDEEP
6144:yVipv1RSqPRNwmxgj2i1IqoaV/5jeK9GRtg:yV8R9LwYgjbVVCg
Malware Config
Signatures
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exe

description                        pid   process       target process
PID 1344 wrote to memory of 1560   1344  rundll32.exe  rundll32.exe
PID 1344 wrote to memory of 1560   1344  rundll32.exe  rundll32.exe
PID 1344 wrote to memory of 1560   1344  rundll32.exe  rundll32.exe
PID 1344 wrote to memory of 1560   1344  rundll32.exe  rundll32.exe
PID 1344 wrote to memory of 1560   1344  rundll32.exe  rundll32.exe
PID 1344 wrote to memory of 1560   1344  rundll32.exe  rundll32.exe
PID 1344 wrote to memory of 1560   1344  rundll32.exe  rundll32.exe