Analysis

- max time kernel: 5s
- max time network: 47s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64, arch:x86, image:win7-20220812-en, locale:en-us, os:windows7-x64, system
- submitted: 01-12-2022 19:33
Static task
- static1

Behavioral tasks (sample / resource)
- behavioral1: 00790 Dec 01.vhd / macos-20220504-en
- behavioral2: out.vhd / macos-20220504-en
- behavioral3: 00790 Dec 01.lnk / win7-20220812-en
- behavioral4: 00790 Dec 01.lnk / win10v2004-20220812-en
- behavioral5: 48.dll / win7-20220812-en
- behavioral6: 48.dll / win10v2004-20220901-en
- behavioral7: System Volume Information/IndexerVolumeGuid / win7-20220812-en
- behavioral8: System Volume Information/IndexerVolumeGuid / win10v2004-20220812-en
- behavioral9: System Volume Information/WPSettings.dat / win7-20221111-en
- behavioral10: System Volume Information/WPSettings.dat / win10v2004-20220812-en
General

- Target: 48.dll
- Size: 600KB
- MD5: 5f2f64254193b3e46ad38110af70c191
- SHA1: 3c390a854b4bed296d549288e42ab9388a39b42b
- SHA256: cff751c5dc8d9914b185064dd21cbbac5db7768cab5be0eab6bc2ac958559ef6
- SHA512: 708d894742bc1cb1c1f855771d364f4a1388aa0abdd920767330509bea6977d2e9c8efab4ba25e60ad61f6320b42840f207d7e25b68e803cc57f28809d35cd2b
- SSDEEP: 12288:QSUUEfo5I6/o2qgkpUdG9Msme0CWUdOWk4F:QSTiWDvLmRme0C0Wk4
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description: PID 1492 wrote to memory of 904 | pid: 1492 | process: rundll32.exe | target process: rundll32.exe
(the same entry is recorded for each of the 7 IoCs)