Analysis
max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted: 23-03-2024 12:59
Behavioral task | Sample | Resource
behavioral1 | DJ/EThread.dll | win7-20240221-en
behavioral2 | DJ/EThread.dll | win10v2004-20240226-en
behavioral3 | DJ/downlib.dll | win7-20240221-en
behavioral4 | DJ/downlib.dll | win10v2004-20240226-en
behavioral5 | DJ/exui.dll | win7-20240221-en
behavioral6 | DJ/exui.dll | win10v2004-20240226-en
behavioral7 | DJ/iconv.dll | win7-20240220-en
behavioral8 | DJ/iconv.dll | win10v2004-20231215-en
behavioral9 | DJ/krnln.dll | win7-20240221-en
behavioral10 | DJ/krnln.dll | win10v2004-20240226-en
behavioral11 | DJ/mp3.dll | win7-20240221-en
behavioral12 | DJ/mp3.dll | win10v2004-20240226-en
behavioral13 | DJ/spec.dll | win7-20240221-en
behavioral14 | DJ/spec.dll | win10v2004-20240226-en
behavioral15 | DJ/DJֺ.exe | win7-20240221-en
behavioral16 | DJ/DJֺ.exe | win10v2004-20240319-en
General
Target: DJ/krnln.dll
Size: 1.2MB
MD5: e751a0e5a8cdb5477e7979d7b471426f
SHA1: 815b415379fdbace8b3f3d1d45482fc45a8948f1
SHA256: 7e94037fca451f2b7bf82d0cfbdd7b64bc24df07e9c09f762352d4eea5fcd92e
SHA512: 1030dd2234bf2bf0433556ae439f858867bd5874ca809bd34e0df1d122a60db7aa12e7688b09bef5f916b406f1b2170f32d3e274527ccb843acb9fff42022b3c
SSDEEP: 24576:XveDpKsoGSplcN0pgTpD1vRcsatXL/rxdbwwWB5X2:XuWVe0pG1a7/DwwWT2
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | process | target process
PID 1712 wrote to memory of 2268 | 1712 | rundll32.exe | rundll32.exe
PID 1712 wrote to memory of 2268 | 1712 | rundll32.exe | rundll32.exe
PID 1712 wrote to memory of 2268 | 1712 | rundll32.exe | rundll32.exe
PID 1712 wrote to memory of 2268 | 1712 | rundll32.exe | rundll32.exe
PID 1712 wrote to memory of 2268 | 1712 | rundll32.exe | rundll32.exe
PID 1712 wrote to memory of 2268 | 1712 | rundll32.exe | rundll32.exe
PID 1712 wrote to memory of 2268 | 1712 | rundll32.exe | rundll32.exe