Overview
overview
3Static
static
3ZModeler.2.2.6.rar
windows10-1703-x64
3ZModeler.2...D9.dll
windows10-1703-x64
1ZModeler.2...ds.dll
windows10-1703-x64
1ZModeler.2...d2.dll
windows10-1703-x64
1ZModeler.2...MG.dll
windows10-1703-x64
1ZModeler.2...3o.dll
windows10-1703-x64
1ZModeler.2...ut.dll
windows10-1703-x64
1ZModeler.2...FF.dll
windows10-1703-x64
1ZModeler.2...On.dll
windows10-1703-x64
1ZModeler.2...i2.dll
windows10-1703-x64
1ZModeler.2...on.dll
windows10-1703-x64
1ZModeler.2...SM.dll
windows10-1703-x64
1ZModeler.2...3D.dll
windows10-1703-x64
1ZModeler.2...ly.dll
windows10-1703-x64
1ZModeler.2..._2.dll
windows10-1703-x64
1ZModeler.2...NK.dll
windows10-1703-x64
1ZModeler.2...ly.dll
windows10-1703-x64
1ZModeler.2...iv.dll
windows10-1703-x64
1ZModeler.2...d2.dll
windows10-1703-x64
1ZModeler.2...ft.dll
windows10-1703-x64
1ZModeler.2...MT.dll
windows10-1703-x64
1ZModeler.2...bj.dll
windows10-1703-x64
1ZModeler.2...ls.dll
windows10-1703-x64
1ZModeler.2...ls.dll
windows10-1703-x64
1ZModeler.2...ls.dll
windows10-1703-x64
1ZModeler.2...FD.dll
windows10-1703-x64
1ZModeler.2...ts.dll
windows10-1703-x64
1ZModeler.2...ls.dll
windows10-1703-x64
1ZModeler.2...ls.dll
windows10-1703-x64
1ZModeler.2...on.dll
windows10-1703-x64
1ZModeler.2...le.xml
windows10-1703-x64
1ZModeler.2...op.ini
windows10-1703-x64
1Analysis
-
max time kernel
52s -
max time network
180s -
platform
windows10-1703_x64 -
resource
win10-20230220-es -
resource tags
arch:x64arch:x86image:win10-20230220-eslocale:es-esos:windows10-1703-x64systemwindows -
submitted
08/05/2023, 18:25
Static task
static1
Behavioral task
behavioral1
Sample
ZModeler.2.2.6.rar
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral2
Sample
ZModeler.2.2.6/Engines/D3D9.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral3
Sample
ZModeler.2.2.6/Filters/3ds.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral4
Sample
ZModeler.2.2.6/Filters/BattleField2.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral5
Sample
ZModeler.2.2.6/Filters/ConvoyPMG.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral6
Sample
ZModeler.2.2.6/Filters/Emergency3_v3o.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral7
Sample
ZModeler.2.2.6/Filters/FlatOut.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral8
Sample
ZModeler.2.2.6/Filters/GTA_SanAndreas_DFF.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral9
Sample
ZModeler.2.2.6/Filters/LockOn.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral10
Sample
ZModeler.2.2.6/Filters/MotoGranPri2.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral11
Sample
ZModeler.2.2.6/Filters/NFSCarbon.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral12
Sample
ZModeler.2.2.6/Filters/PSM.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral13
Sample
ZModeler.2.2.6/Filters/RaceDriverP3D.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral14
Sample
ZModeler.2.2.6/Filters/RichardBurnsRally.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral15
Sample
ZModeler.2.2.6/Filters/TestDriveUnlimited_2.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral16
Sample
ZModeler.2.2.6/Filters/TestDriveUnlimited_BNK.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral17
Sample
ZModeler.2.2.6/Filters/XPandRally.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral18
Sample
ZModeler.2.2.6/Filters/gtaiv.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral19
Sample
ZModeler.2.2.6/Filters/juiced2.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral20
Sample
ZModeler.2.2.6/Filters/nfsshift.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral21
Sample
ZModeler.2.2.6/Filters/rFactorGMT.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral22
Sample
ZModeler.2.2.6/Filters/wavefrontobj.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral23
Sample
ZModeler.2.2.6/Plugins/CreateTools.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral24
Sample
ZModeler.2.2.6/Plugins/DisplayTools.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral25
Sample
ZModeler.2.2.6/Plugins/EditingLevels.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral26
Sample
ZModeler.2.2.6/Plugins/FFD.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral27
Sample
ZModeler.2.2.6/Plugins/Lights.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral28
Sample
ZModeler.2.2.6/Plugins/ModifyTools.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral29
Sample
ZModeler.2.2.6/Plugins/SelectTools.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral30
Sample
ZModeler.2.2.6/Plugins/Skeleton.dll
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral31
Sample
ZModeler.2.2.6/ZModeler2_profile.xml
Resource
win10-20230220-es
windows10-1703-x64
Behavioral task
behavioral32
Sample
ZModeler.2.2.6/desktop.ini
Resource
win10-20230220-es
windows10-1703-x64
General
-
Target
ZModeler.2.2.6/Filters/rFactorGMT.dll
-
Size
136KB
-
MD5
4ea5e1b0d497a6db59dfb63f3de2b4a1
-
SHA1
f60a61690c4bedf382690422a555d5913003dc39
-
SHA256
3ad53282f8ba520e821cfc19fe8fe25418b247666ce3e122af93838b2607bf8e
-
SHA512
625e4ade55f8bd0962f13e4e7209bd68d21ed7ac5d712e0db50e5029bcece5a660b69c4ee9ac3a48d2ea9f45cbcc79c20c9a17a83705795b474a8ff353c225b7
-
SSDEEP
1536:s3YhWVYxjvmjdBm6x3oii+k2BeXwxwpqAK1KrQlx6gD2P7OLagoPftOABg:UC5xZ+YzaeywprKMrCx6EogytOAi
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4328 wrote to memory of 4996 4328 rundll32.exe 66 PID 4328 wrote to memory of 4996 4328 rundll32.exe 66 PID 4328 wrote to memory of 4996 4328 rundll32.exe 66
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ZModeler.2.2.6\Filters\rFactorGMT.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4328 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\ZModeler.2.2.6\Filters\rFactorGMT.dll,#12⤵PID:4996
-