Overview
overview
8Static
static
1LaunchMana...TL.dll
windows7-x64
1LaunchMana...TL.dll
windows10-2004-x64
1LaunchMana...Io.dll
windows7-x64
1LaunchMana...Io.dll
windows10-2004-x64
1LaunchMana...pp.exe
windows7-x64
1LaunchMana...pp.exe
windows10-2004-x64
1LaunchMana...tl.dll
windows7-x64
3LaunchMana...tl.dll
windows10-2004-x64
3LaunchMana...tl.dll
windows7-x64
1LaunchMana...tl.dll
windows10-2004-x64
3LaunchMana...vV.dll
windows7-x64
8LaunchMana...vV.dll
windows10-2004-x64
8LaunchMana...32.exe
windows7-x64
1LaunchMana...32.exe
windows10-2004-x64
1LaunchMana...oc.exe
windows7-x64
1LaunchMana...oc.exe
windows10-2004-x64
1LaunchMana...ad.dll
windows7-x64
1LaunchMana...ad.dll
windows10-2004-x64
1LaunchMana...lp.dll
windows7-x64
1LaunchMana...lp.dll
windows10-2004-x64
1LaunchMana...TL.dll
windows7-x64
1LaunchMana...TL.dll
windows10-2004-x64
1LaunchMana...ng.dll
windows7-x64
1LaunchMana...ng.dll
windows10-2004-x64
3LaunchMana...er.exe
windows7-x64
3LaunchMana...er.exe
windows10-2004-x64
3LaunchMana...ig.exe
windows7-x64
1LaunchMana...ig.exe
windows10-2004-x64
1LaunchMana...V2.exe
windows7-x64
1LaunchMana...V2.exe
windows10-2004-x64
3LaunchMana...ps.exe
windows7-x64
1LaunchMana...ps.exe
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
145s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25/12/2023, 12:36
Static task
static1
Behavioral task
behavioral1
Sample
LaunchManager_Dritek_7.0.4_W8x64/CDROMUTL.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
LaunchManager_Dritek_7.0.4_W8x64/CDROMUTL.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
LaunchManager_Dritek_7.0.4_W8x64/CdDirIo.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
LaunchManager_Dritek_7.0.4_W8x64/CdDirIo.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
LaunchManager_Dritek_7.0.4_W8x64/CloseApp/CloseHookApp.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
LaunchManager_Dritek_7.0.4_W8x64/CloseApp/CloseHookApp.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
LaunchManager_Dritek_7.0.4_W8x64/ComFnUtl.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
LaunchManager_Dritek_7.0.4_W8x64/ComFnUtl.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
LaunchManager_Dritek_7.0.4_W8x64/DHBKcUtl.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
LaunchManager_Dritek_7.0.4_W8x64/DHBKcUtl.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
LaunchManager_Dritek_7.0.4_W8x64/DelPrevV.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral12
Sample
LaunchManager_Dritek_7.0.4_W8x64/DelPrevV.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
LaunchManager_Dritek_7.0.4_W8x64/DkLaunch/DkRun32.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
LaunchManager_Dritek_7.0.4_W8x64/DkLaunch/DkRun32.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
LaunchManager_Dritek_7.0.4_W8x64/DkLaunch/DkUserProc.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
LaunchManager_Dritek_7.0.4_W8x64/DkLaunch/DkUserProc.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
LaunchManager_Dritek_7.0.4_W8x64/HIDRead.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
LaunchManager_Dritek_7.0.4_W8x64/HIDRead.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
LaunchManager_Dritek_7.0.4_W8x64/IdCardHelp.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
LaunchManager_Dritek_7.0.4_W8x64/IdCardHelp.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
LaunchManager_Dritek_7.0.4_W8x64/LGKCUTL.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
LaunchManager_Dritek_7.0.4_W8x64/LGKCUTL.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMLang.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMLang.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
LaunchManager_Dritek_7.0.4_W8x64/LManager.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
LaunchManager_Dritek_7.0.4_W8x64/LManager.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMconfig.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral28
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMconfig.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMconfigV2.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral30
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMconfigV2.exe
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMutilps.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral32
Sample
LaunchManager_Dritek_7.0.4_W8x64/LMutilps.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
General
-
Target
LaunchManager_Dritek_7.0.4_W8x64/DHBKcUtl.dll
-
Size
86KB
-
MD5
373bbeb9220a40d51880dd63ec5b6a6f
-
SHA1
4362d422fb38ab9e57d165ca65b600ac5bbf1cbb
-
SHA256
2443256e769b9814a5c5c7ae58f82d3b6eac5d4756b1516c3bae0ea3a5f39241
-
SHA512
bbd968a09d3935cde832b6a74b1bd651a8441e3691d4daa1a89ef9705cb7768ba857e62d8b3ffbed43dd9ce78f140f05b2cb239f911b1461c2034e64d8fa7e21
-
SSDEEP
1536:VwsqVAwcqP1HohXF88g8mIePaKhQ9SXu8CxC8DZ:syyHohXFBm1aKhQ8RWl
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2512 wrote to memory of 3060 2512 rundll32.exe 24 PID 2512 wrote to memory of 3060 2512 rundll32.exe 24 PID 2512 wrote to memory of 3060 2512 rundll32.exe 24 PID 2512 wrote to memory of 3060 2512 rundll32.exe 24 PID 2512 wrote to memory of 3060 2512 rundll32.exe 24 PID 2512 wrote to memory of 3060 2512 rundll32.exe 24 PID 2512 wrote to memory of 3060 2512 rundll32.exe 24
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\LaunchManager_Dritek_7.0.4_W8x64\DHBKcUtl.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2512 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\LaunchManager_Dritek_7.0.4_W8x64\DHBKcUtl.dll,#12⤵PID:3060
-