Overview
overview
7Static
static
3cdafd40ca5...2f.exe
windows7-x64
7cdafd40ca5...2f.exe
windows10-2004-x64
7$PLUGINSDI...nt.dll
windows7-x64
3$PLUGINSDI...nt.dll
windows10-2004-x64
3$PLUGINSDI...RL.dll
windows7-x64
3$PLUGINSDI...RL.dll
windows10-2004-x64
3$PLUGINSDI...tc.dll
windows7-x64
3$PLUGINSDI...tc.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...ss.dll
windows7-x64
1$PLUGINSDI...ss.dll
windows10-2004-x64
1$PLUGINSDI...ge.dll
windows7-x64
3$PLUGINSDI...ge.dll
windows10-2004-x64
3$PLUGINSDI...n12.js
windows7-x64
1$PLUGINSDI...n12.js
windows10-2004-x64
1$PLUGINSDI...ime.js
windows7-x64
1$PLUGINSDI...ime.js
windows10-2004-x64
1$PLUGINSDI...ket.js
windows7-x64
1$PLUGINSDI...ket.js
windows10-2004-x64
1$PLUGINSDI...ftp.js
windows7-x64
1$PLUGINSDI...ftp.js
windows10-2004-x64
1$PLUGINSDI...ttp.js
windows7-x64
1$PLUGINSDI...ttp.js
windows10-2004-x64
1$PLUGINSDI.../tp.js
windows7-x64
1$PLUGINSDI.../tp.js
windows10-2004-x64
1$PLUGINSDI...re.dll
windows7-x64
1$PLUGINSDI...re.dll
windows10-2004-x64
1$PLUGINSDI...re.dll
windows7-x64
1$PLUGINSDI...re.dll
windows10-2004-x64
1$PLUGINSDI...ib.dll
windows7-x64
3$PLUGINSDI...ib.dll
windows10-2004-x64
3Analysis
-
max time kernel
120s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
16-03-2024 09:22
Static task
static1
Behavioral task
behavioral1
Sample
cdafd40ca595a808d276c5ea24ac232f.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
cdafd40ca595a808d276c5ea24ac232f.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ButtonEvent.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/CustomBrandingURL.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/CustomBrandingURL.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/CustomInetc.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/CustomInetc.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/CustomNSISdl.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/CustomNSISdl.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/FloatingProgress.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/FloatingProgress.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/LuaBridge.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/LuaBridge.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/LuaSocket/lua/ltn12.js
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/LuaSocket/lua/ltn12.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/LuaSocket/lua/mime.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/LuaSocket/lua/mime.js
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/LuaSocket/lua/socket.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/LuaSocket/lua/socket.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/LuaSocket/lua/socket/ftp.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/LuaSocket/lua/socket/ftp.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/LuaSocket/lua/socket/http.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/LuaSocket/lua/socket/http.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/LuaSocket/lua/socket/tp.js
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/LuaSocket/lua/socket/tp.js
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/LuaSocket/mime/core.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/LuaSocket/mime/core.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/LuaSocket/socket/core.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/LuaSocket/socket/core.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/LuaXml_lib.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/LuaXml_lib.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/LuaSocket/socket/core.dll
-
Size
80KB
-
MD5
4bf7db111acfa7c28ad36606107b3322
-
SHA1
6f20b9f6663ce0c309a2ce60e718d64ffb6c75b3
-
SHA256
bfe8445c38ee71240e856f85d79e94123d7179bf43688de0e2a14e32e6ef21b0
-
SHA512
0a5e66a65b80e15d8198f2934c58227ae17680f0fbea9865b2f44af82a29c53d4f95cf9616b4dfd75202420eb73b7d962cf2c84fdad6ce26afe1eb4bb978d0b6
-
SSDEEP
768:4pOz0XSP1hSt5+5lKfZyDy3TygCk749NRAa1YwqJlfp8iB9jDEu/s5RPOothtlRp:wOws14t5CeTygmNRA0IVh05IoN3
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2040 wrote to memory of 1284 2040 rundll32.exe 28 PID 2040 wrote to memory of 1284 2040 rundll32.exe 28 PID 2040 wrote to memory of 1284 2040 rundll32.exe 28 PID 2040 wrote to memory of 1284 2040 rundll32.exe 28 PID 2040 wrote to memory of 1284 2040 rundll32.exe 28 PID 2040 wrote to memory of 1284 2040 rundll32.exe 28 PID 2040 wrote to memory of 1284 2040 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LuaSocket\socket\core.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2040 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LuaSocket\socket\core.dll,#12⤵PID:1284
-