Overview
overview
3Static
static
3Configurar.cmd
windows7-x64
1Configurar.cmd
windows10-2004-x64
1Instalar.cmd
windows7-x64
1Instalar.cmd
windows10-2004-x64
1Mono.Security.dll
windows7-x64
1Mono.Security.dll
windows10-2004-x64
1Npgsql.dll
windows7-x64
1Npgsql.dll
windows10-2004-x64
1System.Dat...te.dll
windows7-x64
1System.Dat...te.dll
windows10-2004-x64
1System.Net.Http.dll
windows7-x64
1System.Net.Http.dll
windows10-2004-x64
1System.ValueTuple.dll
windows7-x64
1System.ValueTuple.dll
windows10-2004-x64
1TCore.dll
windows7-x64
1TCore.dll
windows10-2004-x64
1TNrgyBss.dll
windows7-x64
1TNrgyBss.dll
windows10-2004-x64
1TNrgyModbusServer.exe
windows7-x64
1TNrgyModbusServer.exe
windows10-2004-x64
1en/TCore.r...es.dll
windows7-x64
1en/TCore.r...es.dll
windows10-2004-x64
1en/TNrgyBs...es.dll
windows7-x64
1en/TNrgyBs...es.dll
windows10-2004-x64
1en/TNrgyMo...es.dll
windows7-x64
1en/TNrgyMo...es.dll
windows10-2004-x64
1es/TCore.r...es.dll
windows7-x64
1es/TCore.r...es.dll
windows10-2004-x64
1es/TNrgyBs...es.dll
windows7-x64
1es/TNrgyBs...es.dll
windows10-2004-x64
1es/TNrgyMo...es.dll
windows7-x64
1es/TNrgyMo...es.dll
windows10-2004-x64
1Analysis
-
max time kernel
139s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
18-01-2024 08:54
Static task
static1
Behavioral task
behavioral1
Sample
Configurar.cmd
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
Configurar.cmd
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Instalar.cmd
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral4
Sample
Instalar.cmd
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Mono.Security.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
Mono.Security.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Npgsql.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral8
Sample
Npgsql.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
System.Data.SQLite.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
System.Data.SQLite.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
System.Net.Http.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
System.Net.Http.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
System.ValueTuple.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral14
Sample
System.ValueTuple.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
TCore.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
TCore.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
TNrgyBss.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
TNrgyBss.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
TNrgyModbusServer.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral20
Sample
TNrgyModbusServer.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
en/TCore.resources.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
en/TCore.resources.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
en/TNrgyBss.resources.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral24
Sample
en/TNrgyBss.resources.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
en/TNrgyModbusServer.resources.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral26
Sample
en/TNrgyModbusServer.resources.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
es/TCore.resources.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral28
Sample
es/TCore.resources.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
es/TNrgyBss.resources.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral30
Sample
es/TNrgyBss.resources.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
es/TNrgyModbusServer.resources.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral32
Sample
es/TNrgyModbusServer.resources.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
General
-
Target
en/TNrgyModbusServer.resources.dll
-
Size
4KB
-
MD5
6a7abed5a1ecb059d4a146b1bd306247
-
SHA1
4cb0fafccb33432208246266ee6b638f9380e053
-
SHA256
afa0a2d2b258588c636ff386d2d82bb4186cdf1ecb647dc19882eae0f2caea5c
-
SHA512
fa9d22e0249b5543f1aa5449277e2582916f469cd28532574327a40dd83253bbba5792d3fe0afdc399ef18870bb71eb0a5272b652d806dbe25ddfc2a7c883773
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3968 wrote to memory of 4168 3968 rundll32.exe 43 PID 3968 wrote to memory of 4168 3968 rundll32.exe 43 PID 3968 wrote to memory of 4168 3968 rundll32.exe 43