Overview: 10
Static: 3
d44580ffdb...82.exe (windows7-x64): 1
d44580ffdb...82.exe (windows10-2004-x64): 10
dpp.dll (windows7-x64): 3
dpp.dll (windows10-2004-x64): 5
libcrypto-1_1.dll (windows7-x64): 1
libcrypto-1_1.dll (windows10-2004-x64): 3
libsodium.dll (windows7-x64): 1
libsodium.dll (windows10-2004-x64): 1
libssl-1_1.dll (windows7-x64): 1
libssl-1_1.dll (windows10-2004-x64): 1
opus.dll (windows7-x64): 1
opus.dll (windows10-2004-x64): 1
zlib1.dll (windows7-x64): 3
zlib1.dll (windows10-2004-x64): 3
Analysis
max time kernel: 1784s
max time network: 1790s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 07-07-2023 07:29
Static task: static1
Behavioral task: behavioral1 | Sample: d44580ffdb610f1e16bb1aa1-1671885c0c25bc69333368a6-cd55441bbeb4517f30766c0e80428782.exe | Resource: win7-20230703-en
Behavioral task: behavioral2 | Sample: d44580ffdb610f1e16bb1aa1-1671885c0c25bc69333368a6-cd55441bbeb4517f30766c0e80428782.exe | Resource: win10v2004-20230703-en
Behavioral task: behavioral3 | Sample: dpp.dll | Resource: win7-20230703-en
Behavioral task: behavioral4 | Sample: dpp.dll | Resource: win10v2004-20230703-en
Behavioral task: behavioral5 | Sample: libcrypto-1_1.dll | Resource: win7-20230703-en
Behavioral task: behavioral6 | Sample: libcrypto-1_1.dll | Resource: win10v2004-20230703-en
Behavioral task: behavioral7 | Sample: libsodium.dll | Resource: win7-20230703-en
Behavioral task: behavioral8 | Sample: libsodium.dll | Resource: win10v2004-20230703-en
Behavioral task: behavioral9 | Sample: libssl-1_1.dll | Resource: win7-20230703-en
Behavioral task: behavioral10 | Sample: libssl-1_1.dll | Resource: win10v2004-20230703-en
Behavioral task: behavioral11 | Sample: opus.dll | Resource: win7-20230705-en
Behavioral task: behavioral12 | Sample: opus.dll | Resource: win10v2004-20230703-en
Behavioral task: behavioral13 | Sample: zlib1.dll | Resource: win7-20230703-en
Behavioral task: behavioral14 | Sample: zlib1.dll | Resource: win10v2004-20230703-en
General
Target: libssl-1_1.dll
Size: 523KB
MD5: 46c50a365a8a11627137ad52e4ab2f94
SHA1: 6d02dc794a756c077233f074bd85c4b8241c24df
SHA256: 187b33ab7a95d4722ff7dc6e2a0e6f121f68fd034b708a946b76748ec2a39b83
SHA512: 3e2bdb912e77c249950d3dac3d3937d716e982fa9dfa3aeb48760219e53e99e70292294cc80992095bb18ee62329aac69c253dea2ae6037c9e80e1500a32b1c0
SSDEEP: 12288:gypyeH2O8Dkmb4yjpesKWjy/MMk+cdU2lvzAE:lceHp5PIQMT+aU2lvzAE
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1768 wrote to memory of 4080 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 4080 | 1768 | rundll32.exe | rundll32.exe
PID 1768 wrote to memory of 4080 | 1768 | rundll32.exe | rundll32.exe