Analysis
max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
05-04-2024 15:56
Static task
static1
Behavioral task
behavioral1
Sample
redist.zip
Resource
win7-20240319-en
Behavioral task
behavioral2
Sample
redist.zip
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
buildrhadha.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
buildrhadha.exe
Resource
win10v2004-20240319-en
Behavioral task
behavioral5
Sample
data.bin
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
data.bin
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
g2m.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
g2m.dll
Resource
win10v2004-20240226-en
General
Target
g2m.dll
Size
395KB
MD5
eef5e122a610edb4f13115dff624b2b9
SHA1
da324be4ee4c1573fbaedd83307ee888335d9661
SHA256
dd9c9d63a5f4798d3d30ddc7d0eb569c4406b2db7224b936c0721b78b7436940
SHA512
7f2318d222ac172b5aadecb09e19ff121a2648742c4e23fee91a9551a2f50014886fcb9f67f228e43fadd36fe80e71b9e6bd443b6d696533f872a2fb99862556
SSDEEP
6144:zT1N9+2qMgtcYrnWtkbGoWkYnxDrWJgVdfjJBPLbvrPtj2Ik/0:zxqzt+kYtHVRjJBb6/0
Malware Config
Signatures
Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description                          pid   process       target process
PID 2796 wrote to memory of 1276     2796  rundll32.exe  rundll32.exe
PID 2796 wrote to memory of 1276     2796  rundll32.exe  rundll32.exe
PID 2796 wrote to memory of 1276     2796  rundll32.exe  rundll32.exe
PID 2796 wrote to memory of 1276     2796  rundll32.exe  rundll32.exe
PID 2796 wrote to memory of 1276     2796  rundll32.exe  rundll32.exe
PID 2796 wrote to memory of 1276     2796  rundll32.exe  rundll32.exe
PID 2796 wrote to memory of 1276     2796  rundll32.exe  rundll32.exe