Overview
overview
3Static
static
3pugdogrun/GdiPlus.dll
windows7-x64
3pugdogrun/GdiPlus.dll
windows10-2004-x64
3pugdogrun/Idle.dll
windows7-x64
1pugdogrun/Idle.dll
windows10-2004-x64
1pugdogrun/...ce.dll
windows7-x64
3pugdogrun/...ce.dll
windows10-2004-x64
3pugdogrun/KTLog.dll
windows7-x64
3pugdogrun/KTLog.dll
windows10-2004-x64
3pugdogrun/...��.exe
windows7-x64
1pugdogrun/...��.exe
windows10-2004-x64
1pugdogrun/Support.dll
windows7-x64
3pugdogrun/Support.dll
windows10-2004-x64
3pugdogrun/mfc90.dll
windows7-x64
1pugdogrun/mfc90.dll
windows10-2004-x64
1pugdogrun/...hs.dll
windows7-x64
1pugdogrun/...hs.dll
windows10-2004-x64
1pugdogrun/...nu.dll
windows7-x64
1pugdogrun/...nu.dll
windows10-2004-x64
1pugdogrun/msctfm.exe
windows7-x64
1pugdogrun/msctfm.exe
windows10-2004-x64
1pugdogrun/msvcp90.dll
windows7-x64
1pugdogrun/msvcp90.dll
windows10-2004-x64
1pugdogrun/msvcr90.dll
windows7-x64
1pugdogrun/msvcr90.dll
windows10-2004-x64
1pugdogrun/pugdog.exe
windows7-x64
1pugdogrun/pugdog.exe
windows10-2004-x64
1pugdogrun/...��.url
windows7-x64
1pugdogrun/...��.url
windows10-2004-x64
1Analysis
-
max time kernel
118s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
15/03/2024, 01:47
Static task
static1
Behavioral task
behavioral1
Sample
pugdogrun/GdiPlus.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
pugdogrun/GdiPlus.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
pugdogrun/Idle.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
pugdogrun/Idle.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
pugdogrun/Interface.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
pugdogrun/Interface.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
pugdogrun/KTLog.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
pugdogrun/KTLog.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
pugdogrun/QQ记录邮件解压工具.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
pugdogrun/QQ记录邮件解压工具.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
pugdogrun/Support.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
pugdogrun/Support.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
pugdogrun/mfc90.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
pugdogrun/mfc90.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
pugdogrun/mfc90chs.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
pugdogrun/mfc90chs.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
pugdogrun/mfc90enu.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
pugdogrun/mfc90enu.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
pugdogrun/msctfm.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
pugdogrun/msctfm.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
pugdogrun/msvcp90.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
pugdogrun/msvcp90.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
pugdogrun/msvcr90.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
pugdogrun/msvcr90.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
pugdogrun/pugdog.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
pugdogrun/pugdog.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
pugdogrun/新云软件.url
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
pugdogrun/新云软件.url
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
pugdogrun/GdiPlus.dll
-
Size
1.6MB
-
MD5
b5625560cda13a81d367b32e6f9fc4ac
-
SHA1
f6c2b5168bca5f6e6eb930f7688bb8b8634cb582
-
SHA256
377f8efb6b05f13a9b1a8c8a237c44cf4f6309b27c8913cc665cd1aa11a189df
-
SHA512
f5b6ae03d0f0eba8bc5e7b5f1f0fa06fffc6fd0421cf06a4a60ea1c45d5f76449f1a3cd24c9bfc54105398f76717987dd62953886cb1b348c4eba075e6c2f82f
-
SSDEEP
24576:2uV2jR8Jitgx1PnLq3+WJPS/kgDnnkYBS9ZhynO0WTOxi:2uMjOitOtLq5JDkHc9MnWH
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 1284 1920 WerFault.exe 28 -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2156 wrote to memory of 1920 2156 rundll32.exe 28 PID 2156 wrote to memory of 1920 2156 rundll32.exe 28 PID 2156 wrote to memory of 1920 2156 rundll32.exe 28 PID 2156 wrote to memory of 1920 2156 rundll32.exe 28 PID 2156 wrote to memory of 1920 2156 rundll32.exe 28 PID 2156 wrote to memory of 1920 2156 rundll32.exe 28 PID 2156 wrote to memory of 1920 2156 rundll32.exe 28 PID 1920 wrote to memory of 1284 1920 rundll32.exe 29 PID 1920 wrote to memory of 1284 1920 rundll32.exe 29 PID 1920 wrote to memory of 1284 1920 rundll32.exe 29 PID 1920 wrote to memory of 1284 1920 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\pugdogrun\GdiPlus.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2156 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\pugdogrun\GdiPlus.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:1920 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 2283⤵
- Program crash
PID:1284
-
-