Analysis
max time kernel: 142s
max time network: 139s
platform: windows10-2004_x64
resource: win10v2004-20240412-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240412-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-04-2024 01:52
Behavioral tasks
behavioral1 - Sample: Lua Injector Universe/NeutrinoAgent.dll - Resource: win7-20240221-en
behavioral2 - Sample: Lua Injector Universe/NeutrinoAgent.dll - Resource: win10v2004-20240412-en
behavioral3 - Sample: Lua Injector Universe/NeutrinoInjector.exe - Resource: win7-20240215-en
behavioral4 - Sample: Lua Injector Universe/NeutrinoInjector.exe - Resource: win10v2004-20240412-en
behavioral5 - Sample: Lua Injector Universe/temka.dll - Resource: win7-20240221-en
General
Target: Lua Injector Universe/NeutrinoAgent.dll
Size: 39KB
MD5: bc57e228e8b94d24d48f5e81a3dbf491
SHA1: 99a708592e7e5cbf9572e8d581e1b25365a75702
SHA256: 62a0f8dc21c73a3068220caed39b1c2c5bd176c4ea98856ecf34dc944b649e41
SHA512: a58c9f10c0fb16a0eff1dfa86b1fcd45501afefa3b22fb08f6953dba19880cc2d61ab9f607ce86bfb7cb7077f9dfc1e9e46a46b39202da97ecfc24e940336404
SSDEEP: 768:BvUJ7iuhlDFRaucM1k3+BnvXmBHpmwyvarP7rE:BcJpTFYPOBeBHpC27
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: rundll32.exe
pid   process
5032  rundll32.exe
5032  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description                           pid   process       target process
PID 3768 wrote to memory of 5032      3768  rundll32.exe  rundll32.exe
PID 3768 wrote to memory of 5032      3768  rundll32.exe  rundll32.exe
PID 3768 wrote to memory of 5032      3768  rundll32.exe  rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lua Injector Universe\NeutrinoAgent.dll",#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Lua Injector Universe\NeutrinoAgent.dll",#1
      - Suspicious behavior: EnumeratesProcesses