Analysis
max time kernel: 123s
max time network: 127s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 31/03/2023, 08:28
Static task: static1
Behavioral task: behavioral1 | Sample: GPUPI-CLI.exe | Resource: win7-20230220-en
Behavioral task: behavioral2 | Sample: GPUPI-CLI.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral3 | Sample: GPUPI.exe | Resource: win7-20230220-en
Behavioral task: behavioral4 | Sample: GPUPI.exe | Resource: win10v2004-20230220-en
Behavioral task: behavioral5 | Sample: HWiNFO32.dll | Resource: win7-20230220-en
Behavioral task: behavioral6 | Sample: HWiNFO32.dll | Resource: win10v2004-20230220-en
Behavioral task: behavioral7 | Sample: cudart32_65.dll | Resource: win7-20230220-en
Behavioral task: behavioral8 | Sample: cudart32_65.dll | Resource: win10v2004-20230220-en
General
Target: HWiNFO32.dll
Size: 1.3MB
MD5: 4f1c18f9524c7069d343919f1ff15cb5
SHA1: 0c5e91656dfe7efd68089e0d58d1e19b671b0b6a
SHA256: ea24f4c05c56dc84cb08c139f09b247d4f09da0a0dbed462bf4a703b2279153d
SHA512: 08868eeafc59a8052f365df8f234f01599b177a85db2456ae52e5973ba5764adc88ac438b441345b9a6f3ac20b989f19363ca8d2e74a5385df5fd9f5ea81b9cc
SSDEEP: 24576:vyQMb4MeHQ/4uH56x56b0YIghtC+sgeos70o/GQ/P9gWWANR3U3QZUfTidDrNg:vq38c/HQxm0fv9o00U/P97TrUfTidDu
Malware Config
Signatures
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 4448 wrote to memory of 1424 | 4448 | rundll32.exe | 82
PID 4448 wrote to memory of 1424 | 4448 | rundll32.exe | 82
PID 4448 wrote to memory of 1424 | 4448 | rundll32.exe | 82