Analysis
max time kernel: 31s
max time network: 34s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 31/03/2023, 08:28
Static task: static1
Behavioral task: behavioral1 | Sample: GPUPI-CLI.exe | Resource: win7-20230220-en
Behavioral task: behavioral2 | Sample: GPUPI-CLI.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral3 | Sample: GPUPI.exe | Resource: win7-20230220-en
Behavioral task: behavioral4 | Sample: GPUPI.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral5 | Sample: HWiNFO32.dll | Resource: win7-20230220-en
Behavioral task: behavioral6 | Sample: HWiNFO32.dll | Resource: win10v2004-20230220-en
Behavioral task: behavioral7 | Sample: cudart32_65.dll | Resource: win7-20230220-en
Behavioral task: behavioral8 | Sample: cudart32_65.dll | Resource: win10v2004-20230220-en
General
Target: HWiNFO32.dll
Size: 1.3MB
MD5: 4f1c18f9524c7069d343919f1ff15cb5
SHA1: 0c5e91656dfe7efd68089e0d58d1e19b671b0b6a
SHA256: ea24f4c05c56dc84cb08c139f09b247d4f09da0a0dbed462bf4a703b2279153d
SHA512: 08868eeafc59a8052f365df8f234f01599b177a85db2456ae52e5973ba5764adc88ac438b441345b9a6f3ac20b989f19363ca8d2e74a5385df5fd9f5ea81b9cc
SSDEEP: 24576:vyQMb4MeHQ/4uH56x56b0YIghtC+sgeos70o/GQ/P9gWWANR3U3QZUfTidDrNg:vq38c/HQxm0fv9o00U/P97TrUfTidDu
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
description | pid | Process | procid_target
PID 1964 wrote to memory of 1956 | 1964 | rundll32.exe | 28
PID 1964 wrote to memory of 1956 | 1964 | rundll32.exe | 28
PID 1964 wrote to memory of 1956 | 1964 | rundll32.exe | 28
PID 1964 wrote to memory of 1956 | 1964 | rundll32.exe | 28
PID 1964 wrote to memory of 1956 | 1964 | rundll32.exe | 28
PID 1964 wrote to memory of 1956 | 1964 | rundll32.exe | 28
PID 1964 wrote to memory of 1956 | 1964 | rundll32.exe | 28