Overview
overview
3Static
static
3languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...PI.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...el.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...in.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...VM.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...et.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...SC.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...PI.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...cs.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...er.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1languages/...le.dll
windows10-1703-x64
1languages/...2).dll
windows10-1703-x64
1languages/...py.dll
windows10-1703-x64
1Analysis
-
max time kernel
127s -
max time network
133s -
platform
windows10-1703_x64 -
resource
win10-20230703-en -
resource tags
arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system -
submitted
23-07-2023 22:52
Static task
static1
Behavioral task
behavioral1
Sample
languages/en_XM/DasAPI - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral2
Sample
languages/en_XM/DasAPI - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral3
Sample
languages/en_XM/DasAPI.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral4
Sample
languages/en_XM/DeviceDiscoveryModel - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral5
Sample
languages/en_XM/DeviceDiscoveryModel - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral6
Sample
languages/en_XM/DeviceDiscoveryModel.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral7
Sample
languages/en_XM/DevicePlugin - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral8
Sample
languages/en_XM/DevicePlugin - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral9
Sample
languages/en_XM/DevicePlugin.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral10
Sample
languages/en_XM/MVVM - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral11
Sample
languages/en_XM/MVVM - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral12
Sample
languages/en_XM/MVVM.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral13
Sample
languages/en_XM/ManifestDedupEngineDotNet - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral14
Sample
languages/en_XM/ManifestDedupEngineDotNet - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral15
Sample
languages/en_XM/ManifestDedupEngineDotNet.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral16
Sample
languages/en_XM/WDBackupVSC - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral17
Sample
languages/en_XM/WDBackupVSC - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral18
Sample
languages/en_XM/WDBackupVSC.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral19
Sample
languages/en_XM/WDDriveAPI - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral20
Sample
languages/en_XM/WDDriveAPI - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral21
Sample
languages/en_XM/WDDriveAPI.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral22
Sample
languages/en_XM/WDGoogleAnalytics - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral23
Sample
languages/en_XM/WDGoogleAnalytics - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral24
Sample
languages/en_XM/WDGoogleAnalytics.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral25
Sample
languages/en_XM/WDHttpHelper - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral26
Sample
languages/en_XM/WDHttpHelper - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral27
Sample
languages/en_XM/WDHttpHelper.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral28
Sample
languages/en_XM/WDLocale - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral29
Sample
languages/en_XM/WDLocale - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral30
Sample
languages/en_XM/WDLocale.dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral31
Sample
languages/en_XM/WDLog - Copy (2).dll
Resource
win10-20230703-en
windows10-1703-x64
Behavioral task
behavioral32
Sample
languages/en_XM/WDLog - Copy.dll
Resource
win10-20230703-en
windows10-1703-x64
General
-
Target
languages/en_XM/ManifestDedupEngineDotNet.dll
-
Size
78KB
-
MD5
89b8e7e62ead8271849310eea29d3e1c
-
SHA1
ec3d8a29712c000f5dea41a1713dbdf28bc7e2a1
-
SHA256
6075b892121ef2f8856082aa4b5cf508a78b835f846e1e86a412ed714e25210c
-
SHA512
59dcd2083b8e1c2c509e588354d3863bcafb4734b7f63dbb7bef687653cc849eebbfcc7b0f0dc508842caea274a928258a860bae53309fdf6e471d5c35dd69e5
-
SSDEEP
1536:QtshZyiimYQeBr4balrKK8zp+IUttyYRzkkXCzBaA4M:wAbi1/rKZV+vtHXCzv4M
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2332 wrote to memory of 2432 2332 rundll32.exe 70 PID 2332 wrote to memory of 2432 2332 rundll32.exe 70 PID 2332 wrote to memory of 2432 2332 rundll32.exe 70
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\languages\en_XM\ManifestDedupEngineDotNet.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\languages\en_XM\ManifestDedupEngineDotNet.dll,#12⤵PID:2432
-