Overview

overview

10

Static

static

CX.lnk

windows7-x64

10

CX.lnk

windows10-2004-x64

10

glasses/as...cs.dll

windows7-x64

1

glasses/as...cs.dll

windows10-2004-x64

1

glasses/caitiff.cmd

windows7-x64

1

glasses/caitiff.cmd

windows10-2004-x64

1

glasses/ce...ed.cmd

windows7-x64

1

glasses/ce...ed.cmd

windows10-2004-x64

1

Resubmissions

05-12-2022 21:32

221205-1dpr9ahe72 10

05-12-2022 21:12

221205-z2lj3abc8x 10

05-12-2022 17:34

221205-v5vvpaeb7t 10

Analysis

  • max time kernel
    412s
  • max time network
    423s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    05-12-2022 21:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    glasses/astrophysics.dll

  • Size

    599KB

  • MD5

    8016278a2154ddd50fa719a15d93f166

  • SHA1

    af6b2dddaf6192ee547c783a58dc6ce49317a54d

  • SHA256

    22c550ddaee6ffdc3b4ab09bcc64461d444312958cd14f05178b2124de18ffa4

  • SHA512

    7bf75b38b29a685be4fbce0700e9a22f273911eb71400de028bbf3e9e2e586c992b168bb752562b19e7373f672e31d7a42fb1735fb2ef7b02951c1f18f642faf

  • SSDEEP

    12288:W+hfiNzqkalTfvvHWiYj7amQZGTcpC20ZsGOIBrupfJ:W+hnXWi+2pZG4UP6nIBrUJ

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\glasses\astrophysics.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:756
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\glasses\astrophysics.dll,#1
      2⤵
        PID:1628

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1628-54-0x0000000000000000-mapping.dmp
      Download
    • memory/1628-55-0x0000000075831000-0x0000000075833000-memory.dmp
      Filesize

      8KB

      Download