Overview
overview
3Static
static
3OfficeShar...er.dll
windows7-x64
3OfficeShar...er.dll
windows10-2004-x64
3OfficeShar...gc.dll
windows7-x64
1OfficeShar...gc.dll
windows10-2004-x64
1OfficeShar...tor.js
windows7-x64
1OfficeShar...tor.js
windows10-2004-x64
1OfficeShar...tor.js
windows7-x64
1OfficeShar...tor.js
windows10-2004-x64
1OfficeShar...tor.js
windows7-x64
1OfficeShar...tor.js
windows10-2004-x64
1OfficeShar...ng.exe
windows7-x64
1OfficeShar...ng.exe
windows10-2004-x64
1OfficeShar...rp.dll
windows7-x64
1OfficeShar...rp.dll
windows10-2004-x64
1OfficeShar...en.dll
windows7-x64
1OfficeShar...en.dll
windows10-2004-x64
1OfficeShar...ro.dll
windows7-x64
1OfficeShar...ro.dll
windows10-2004-x64
1OfficeShar...ib.dll
windows7-x64
1OfficeShar...ib.dll
windows10-2004-x64
OfficeShar...ty.dll
windows7-x64
1OfficeShar...ty.dll
windows10-2004-x64
1OfficeShar...on.dll
windows7-x64
1OfficeShar...on.dll
windows10-2004-x64
1OfficeShar...on.dll
windows7-x64
1OfficeShar...on.dll
windows10-2004-x64
1OfficeShar...re.dll
windows7-x64
1OfficeShar...re.dll
windows10-2004-x64
1OfficeShar...ta.dll
windows7-x64
1OfficeShar...ta.dll
windows10-2004-x64
1OfficeShar...ce.dll
windows7-x64
1OfficeShar...ce.dll
windows10-2004-x64
1Analysis
-
max time kernel
118s -
max time network
150s -
platform
windows7_x64 -
resource
win7-20231215-es -
resource tags
arch:x64arch:x86image:win7-20231215-eslocale:es-esos:windows7-x64systemwindows -
submitted
30/12/2023, 00:24
Static task
static1
Behavioral task
behavioral1
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/EmbedRuntime/MonoPosixHelper.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral2
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/EmbedRuntime/MonoPosixHelper.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral3
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/EmbedRuntime/mono-2.0-bdwgc.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral4
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/EmbedRuntime/mono-2.0-bdwgc.dll
Resource
win10v2004-20231222-es
windows10-2004-x64
Behavioral task
behavioral5
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/etc/mono/2.0/DefaultWsdlHelpGenerator.js
Resource
win7-20231129-es
windows7-x64
Behavioral task
behavioral6
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/etc/mono/2.0/DefaultWsdlHelpGenerator.js
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral7
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/etc/mono/4.0/DefaultWsdlHelpGenerator.js
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral8
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/etc/mono/4.0/DefaultWsdlHelpGenerator.js
Resource
win10v2004-20231222-es
windows10-2004-x64
Behavioral task
behavioral9
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.js
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral10
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/etc/mono/4.5/DefaultWsdlHelpGenerator.js
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral11
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing.exe
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral12
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing.exe
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral13
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/Assembly-CSharp.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral14
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/Assembly-CSharp.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral15
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/DOTween.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral16
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/DOTween.dll
Resource
win10v2004-20231222-es
windows10-2004-x64
Behavioral task
behavioral17
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/DOTweenPro.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral18
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/DOTweenPro.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral19
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/DemiLib.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral20
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/DemiLib.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral21
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/Mono.Security.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral22
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/Mono.Security.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral23
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.ComponentModel.Composition.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral24
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.ComponentModel.Composition.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral25
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Configuration.dll
Resource
win7-20231129-es
windows7-x64
Behavioral task
behavioral26
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Configuration.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral27
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Core.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral28
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Core.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral29
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Data.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral30
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Data.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
Behavioral task
behavioral31
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Diagnostics.StackTrace.dll
Resource
win7-20231215-es
windows7-x64
Behavioral task
behavioral32
Sample
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/Office Sharing_Data/Managed/System.Diagnostics.StackTrace.dll
Resource
win10v2004-20231215-es
windows10-2004-x64
General
-
Target
OfficeSharing RJ311604/OfficeSharing/OfficeSharing_Windows/MonoBleedingEdge/EmbedRuntime/mono-2.0-bdwgc.dll
-
Size
3.7MB
-
MD5
b0a6f8d10fbef0f8f92cd9bf333f4f3a
-
SHA1
48cb994a9d67c49b727973352b3ef2b72757754d
-
SHA256
acbb769d7c9e35e6ed363649f1998f9a1502b9e3a0bedd24ef1afbe325ee8a43
-
SHA512
026b0e77d2fff9e1b99c30d5008fb0e116cd473d1fcc12349891ac72f0fdbc5cd78fffd6cd3b448de6b4af2e9f7862144f028beb880e93843f65f7597f762ccd
-
SSDEEP
98304:jwkMVMK4Pvw2OTDoygwszuCyrJJ5zKxXvLHMQReSND0zWessT5geSzICu+ZscxCk:J9K4Pvw2OTDoyCjZsr3GAk
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 3008 wrote to memory of 2336 3008 rundll32.exe 29 PID 3008 wrote to memory of 2336 3008 rundll32.exe 29 PID 3008 wrote to memory of 2336 3008 rundll32.exe 29 PID 3008 wrote to memory of 2336 3008 rundll32.exe 29 PID 3008 wrote to memory of 2336 3008 rundll32.exe 29 PID 3008 wrote to memory of 2336 3008 rundll32.exe 29 PID 3008 wrote to memory of 2336 3008 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\OfficeSharing RJ311604\OfficeSharing\OfficeSharing_Windows\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:3008 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\OfficeSharing RJ311604\OfficeSharing\OfficeSharing_Windows\MonoBleedingEdge\EmbedRuntime\mono-2.0-bdwgc.dll",#12⤵PID:2336
-