Resubmissions
07-02-2024 13:21
240207-qlmmrahhgr 6Analysis
-
max time kernel
143s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
07-02-2024 13:21
Static task
static1
Behavioral task
behavioral1
Sample
220509 - (Cabinet Meeting 2022)/Increasingly confident US is baiting China.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
220509 - (Cabinet Meeting 2022)/Increasingly confident US is baiting China.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
220509 - (Cabinet Meeting 2022)/libcef.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
220509 - (Cabinet Meeting 2022)/libcef.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
220509 - (Cabinet Meeting 2022)/~.docx
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
220509 - (Cabinet Meeting 2022)/~.docx
Resource
win10v2004-20231222-en
General
-
Target
220509 - (Cabinet Meeting 2022)/libcef.dll
-
Size
190KB
-
MD5
268d61837aa248c1d49a973612a129ce
-
SHA1
1da0d7053ace976847cc2c9ff783743195178013
-
SHA256
966ab1c468e3fc7d8d8b2d73a9ca9a85d352a0db8043c5eab36dd304a5915812
-
SHA512
ec9015ffb5d7f5b545ce30f91314de961757c1f885ef3a66a7b918418f48cfbe38dcfa9d2ac9c8969469560d50696a55c8a9d5b55f58f675e1248b7328ccbcaa
-
SSDEEP
3072:GZyxSazBuliXpfiRFc/E4RqaHH+h2hsD1ZeTir6l9ZsyBtPUb:Gn4pKrcZqWH+hGsfeTZL
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 652 wrote to memory of 2596 652 rundll32.exe 84 PID 652 wrote to memory of 2596 652 rundll32.exe 84 PID 652 wrote to memory of 2596 652 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\220509 - (Cabinet Meeting 2022)\libcef.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:652 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\220509 - (Cabinet Meeting 2022)\libcef.dll",#12⤵PID:2596
-