Overview
overview
10Static
static
100383282038...bd.exe
windows7-x64
082060e332...76.exe
windows7-x64
101035f1b289...b8.exe
windows7-x64
624592b8814...b9.exe
windows7-x64
331459fd8f4...d2.exe
windows7-x64
103216f3b1bf...ae.exe
windows7-x64
43026556ea...97.exe
windows7-x64
14499426b05...8b.exe
windows7-x64
779271d57c5...61.exe
windows7-x64
7843cd39e4f...29.exe
windows7-x64
10847001fe67...7e.exe
windows7-x64
1902f0cb92e...ad.exe
windows7-x64
1994d023640...94.dll
windows7-x64
1a006d20ea6...6b.exe
windows7-x64
3aaf476e091...d5.exe
windows7-x64
8abb979296b...f1.dll
windows7-x64
7b630f84b45...86.exe
windows7-x64
1bd37f1c8f1...8e.exe
windows7-x64
1c086172b03...77.exe
windows7-x64
10c2a620243b...bb.exe
windows7-x64
1c3705bab83...3b.exe
windows7-x64
1c97d9bbc80...15.exe
windows7-x64
10cad20feffc...5d.exe
windows7-x64
5d01b92a1d7...c4.dll
windows7-x64
6d2a120aa4a...78.exe
windows7-x64
10d9f7e34bf8...f1.exe
windows7-x64
1da45ff208b...95.exe
windows7-x64
dd0d00fec6...c8.exe
windows7-x64
10e8ae1656c2...dc.exe
windows7-x64
5ed09a02045...0d.exe
windows7-x64
7f0c2927859...a6.exe
windows7-x64
9f3771ca98b...50.exe
windows7-x64
8Analysis
-
max time kernel
2s -
max time network
6s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
26-03-2024 16:54
Behavioral task
behavioral1
Sample
0383282038e4b6b1daa69a9b71bfff42b8091a4004bbe780c98239ada99f77bd.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral3
Sample
1035f1b289e6d88148431da56ed5fb3c3d251b51f38bfd498690537e57a3c8b8.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral4
Sample
24592b881440b004bfcc51692deef734babdfc0cd5719826bd05ae678584bfb9.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral5
Sample
31459fd8f4ca241e9f2eedcaddf848d8be9eaa76f05102b30872eedbe6c250d2.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral6
Sample
3216f3b1bf985c045c18f16e00abcec112149ce8ecad190c620500f5cefb59ae.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral7
Sample
43026556eaa76df4544dd37cc1f708eb3df18b7e33969042b343c2b8be4ff697.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
4499426b05f7f17b48d3aa805681c53aed09b5b48e25c9070c08dbfae464698b.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral9
Sample
79271d57c531c79536bc0be0d71e3a372bed9c10689257a7727475ab41e3e161.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral10
Sample
843cd39e4f5024ef36fdc142bf2eb9d9dcc05f0b8f7f812d49ddac8a2bf83f29.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral11
Sample
847001fe67b260c91fdc360297f6758598c41eb78fc4aae6adc4a4e2dd813b7e.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
902f0cb92e46d9d3028a9e5b52975f66142648ac90007032aafa9b1e2b5263ad.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral13
Sample
994d02364001319f2a3fd9318a2f760c79d7dcfddb177940e22cb60765992094.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
a006d20ea64758a5219d6a8833a593d99b47c2301e17be2e07593c1565de086b.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral15
Sample
aaf476e09142ae0b67a0696e3c5d202cda7081c9365f352cfb82068a80e265d5.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
abb979296b15798893029044f06c97a2e98f4ec044c0c34ac27a0dd6bb0b0ff1.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral17
Sample
b630f84b4573831a769170ce7efe73a107b7cd457f499d29fbb622db5c717086.exe
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral18
Sample
bd37f1c8f1a0b1333df616db123305e9c138eb3331c1fd66907d4e9df93a4a8e.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral19
Sample
c086172b03dbcdc6a782dfbbbf1b6b7f71551bc0d10e1044fcd3c7e880e83a77.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
c2a620243b8c161336d68aaccbb7972f083b3e8e30e0fcfaaf9413e46bcbf1bb.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral21
Sample
c3705bab837f5e68ab54a026bf6d23b454f9e6273c919f4d9c43db7c9c37a43b.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral22
Sample
c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral23
Sample
cad20feffc7b67e394cb667c56211449ccc9c474583e4feacb5c2461dd002c5d.exe
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral24
Sample
d01b92a1d7e00f34549ee537989890699c7ac34c929ea381a4289e49e2d0e4c4.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral25
Sample
d2a120aa4a8aeb87408828d4e7e0da615cb83e32ca5fccc79eee70bca3ea4d78.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral26
Sample
d9f7e34bf8a82e137d47849c6397b51a5c127af99c4a843f8f8223687a05daf1.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral27
Sample
da45ff208be5e193a3da424f6025a3b257dff0c67fab84bd6a9028862fd5cb95.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
dd0d00fec6564d52ad291e8f8a99e981a31ba5fbb623076e8e2864f4591e9bc8.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral29
Sample
e8ae1656c225e8de8e57983db87738630d70036aae6cf1c2b486084edb4aa4dc.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
ed09a020459f1b059bba72c76cd00520c119903b0f8b9fe316a83ced5d66ad0d.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral31
Sample
f0c292785905838d08b27bb99ab260b43fd8de580de80017fdaaab3c3d53d8a6.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
f3771ca98b3a07606cda74128da5d4292572919418f3045196ea245ef63e9150.exe
Resource
win7-20240319-en
windows7-x64
General
-
Target
d01b92a1d7e00f34549ee537989890699c7ac34c929ea381a4289e49e2d0e4c4.dll
-
Size
164KB
-
MD5
0801f10ec6451719bde73ad22de88d5a
-
SHA1
9bf9b111da0fdba83ce65a883248a0ea9e26a455
-
SHA256
d01b92a1d7e00f34549ee537989890699c7ac34c929ea381a4289e49e2d0e4c4
-
SHA512
10311c679c46dfe31815c63df41e6a06f04b03ce2050b3065675fd973e7af27d52dcbea7df74c2baa92344a8b2533c5799508926825a3ea3671097544efedee0
-
SSDEEP
1536:WvbSZWtDvM7wIjCEZQ5yyw1oDpP+pfICS4A++GbvF0qcX8opz25maL3SUtNDWyPB:1WhoCE3yw1oVj5DJtOicNDWEzZ9dckwK
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\X: rundll32.exe File opened (read-only) \??\G: rundll32.exe File opened (read-only) \??\N: rundll32.exe File opened (read-only) \??\O: rundll32.exe File opened (read-only) \??\S: rundll32.exe File opened (read-only) \??\U: rundll32.exe File opened (read-only) \??\V: rundll32.exe File opened (read-only) \??\W: rundll32.exe File opened (read-only) \??\B: rundll32.exe File opened (read-only) \??\E: rundll32.exe File opened (read-only) \??\H: rundll32.exe File opened (read-only) \??\K: rundll32.exe File opened (read-only) \??\T: rundll32.exe File opened (read-only) \??\A: rundll32.exe File opened (read-only) \??\L: rundll32.exe File opened (read-only) \??\P: rundll32.exe File opened (read-only) \??\Y: rundll32.exe File opened (read-only) \??\Z: rundll32.exe File opened (read-only) \??\I: rundll32.exe File opened (read-only) \??\J: rundll32.exe File opened (read-only) \??\M: rundll32.exe File opened (read-only) \??\Q: rundll32.exe File opened (read-only) \??\R: rundll32.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2152 rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2300 wrote to memory of 2152 2300 rundll32.exe 28 PID 2300 wrote to memory of 2152 2300 rundll32.exe 28 PID 2300 wrote to memory of 2152 2300 rundll32.exe 28 PID 2300 wrote to memory of 2152 2300 rundll32.exe 28 PID 2300 wrote to memory of 2152 2300 rundll32.exe 28 PID 2300 wrote to memory of 2152 2300 rundll32.exe 28 PID 2300 wrote to memory of 2152 2300 rundll32.exe 28 PID 2152 wrote to memory of 1936 2152 rundll32.exe 29 PID 2152 wrote to memory of 1936 2152 rundll32.exe 29 PID 2152 wrote to memory of 1936 2152 rundll32.exe 29 PID 2152 wrote to memory of 1936 2152 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d01b92a1d7e00f34549ee537989890699c7ac34c929ea381a4289e49e2d0e4c4.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2300 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d01b92a1d7e00f34549ee537989890699c7ac34c929ea381a4289e49e2d0e4c4.dll,#12⤵
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2152 -
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -e RwBlAHQALQBXAG0AaQBPAGIAagBlAGMAdAAgAFcAaQBuADMAMgBfAFMAaABhAGQAbwB3AGMAbwBwAHkAIAB8ACAARgBvAHIARQBhAGMAaAAtAE8AYgBqAGUAYwB0ACAAewAkAF8ALgBEAGUAbABlAHQAZQAoACkAOwB9AA==3⤵PID:1936
-
-
-
C:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\unsecapp.exe -Embedding1⤵PID:2956
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵PID:2648