Overview
overview
7Static
static
3PICer_inst...eb.exe
windows7-x64
7PICer_inst...eb.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...er.exe
windows7-x64
1$PLUGINSDI...er.exe
windows10-2004-x64
6$PLUGINSDI...2k.sys
windows7-x64
1$PLUGINSDI...2k.sys
windows10-2004-x64
1$PLUGINSDI...xp.sys
windows7-x64
1$PLUGINSDI...xp.sys
windows10-2004-x64
1$PLUGINSDI...ll.dll
windows7-x64
1$PLUGINSDI...ll.dll
windows10-2004-x64
1$PLUGINSDI...ns.dll
windows7-x64
1$PLUGINSDI...ns.dll
windows10-2004-x64
1$_14_/PictureShow.exe
windows7-x64
4$_14_/PictureShow.exe
windows10-2004-x64
4$_14_/Uninstall.exe
windows7-x64
7$_14_/Uninstall.exe
windows10-2004-x64
7$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
1$PLUGINSDI...ll.dll
windows10-2004-x64
1$PLUGINSDI...ns.dll
windows7-x64
1$PLUGINSDI...ns.dll
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system -
submitted
11/04/2024, 12:21
Static task
static1
Behavioral task
behavioral1
Sample
PICer_installer_pocoweb.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
PICer_installer_pocoweb.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/driver.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/driver.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/ghost_win2k.sys
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/ghost_win2k.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/ghost_winxp.sys
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/ghost_winxp.sys
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/nsisFirewall.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/nsisFirewall.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/poco_plugins.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/poco_plugins.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$_14_/PictureShow.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
$_14_/PictureShow.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$_14_/Uninstall.exe
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
$_14_/Uninstall.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsisFirewall.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsisFirewall.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$PLUGINSDIR/poco_plugins.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral32
Sample
$PLUGINSDIR/poco_plugins.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/poco_plugins.dll
-
Size
124KB
-
MD5
ae80cb665558ac0bdf0206d56ba9f5fb
-
SHA1
19413fc0c1ce884ec63988923ac053fd3d0d1c9f
-
SHA256
7c3f1d572cb12bc69923d72f4effbc88e749430c11b8662532c464c69df9e16d
-
SHA512
9c2bff34eaf0daa4a3c448a894bb54baca98cdacec47e322dbc0ca4ddf81b99a9e6d8434bf25ae46826ae3179e6f5c67e2cb439f9da64302e6ed11b9910d4e37
-
SSDEEP
1536:KqynFGsPoYp9TQvv78x1+nPYKyetPcpxmko7oTiA/DVkPPTdtwtDrWn:TFswq6Yx1qgMyKPYtDrWn
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2308 wrote to memory of 2792 2308 rundll32.exe 28 PID 2308 wrote to memory of 2792 2308 rundll32.exe 28 PID 2308 wrote to memory of 2792 2308 rundll32.exe 28 PID 2308 wrote to memory of 2792 2308 rundll32.exe 28 PID 2308 wrote to memory of 2792 2308 rundll32.exe 28 PID 2308 wrote to memory of 2792 2308 rundll32.exe 28 PID 2308 wrote to memory of 2792 2308 rundll32.exe 28