Overview

overview

7

Static

static

3

CloudBox_setup.exe

windows7-x64

7

CloudBox_setup.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...rk.dll

windows7-x64

1

$PLUGINSDI...rk.dll

windows10-2004-x64

1

CloudBox.exe

windows7-x64

1

CloudBox.exe

windows10-2004-x64

1

CloudBoxShellExt.dll

windows7-x64

1

CloudBoxShellExt.dll

windows10-2004-x64

1

CloudBoxSh...64.dll

windows7-x64

7

CloudBoxSh...64.dll

windows10-2004-x64

7

DTXmlParser.dll

windows7-x64

3

DTXmlParser.dll

windows10-2004-x64

3

Helper.dll

windows7-x64

1

Helper.dll

windows10-2004-x64

1

MthreadLib71.dll

windows7-x64

3

MthreadLib71.dll

windows10-2004-x64

3

SetupTo.exe

windows7-x64

1

SetupTo.exe

windows10-2004-x64

1

UnSetupTo.exe

windows7-x64

1

UnSetupTo.exe

windows10-2004-x64

1

Updater.exe

windows7-x64

1

Updater.exe

windows10-2004-x64

1

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    136s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13-01-2024 10:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/processwork.dll

  • Size

    231KB

  • MD5

    0a4fa7a9ba969a805eb0603c7cfe3378

  • SHA1

    0f018a8d5b42c6ce8bf34b4a6422861c327af88c

  • SHA256

    27329ea7002d9ce81c8e28e97a5c761922097b33cedeada4db30d2b9d505007c

  • SHA512

    e13e29712457d5e6351bfd69cba6320795d8b2fd1a047923814f8699f7188ec730ec7f0d946fdff66c8b430fef011415ed045b6ea56e4cc0b1d010171ab88178

  • SSDEEP

    3072:n/93Fm9hfGIGjk1qc55CDoGowH6Fb/CcXwuCoty1IKYOlIa+zUk9sfqQAPfujRzS:/94yj9c55CDorNqot43ndqQpzjIKW

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\processwork.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5028
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\processwork.dll,#1
      2⤵
        PID:2360

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads