Overview

overview

10

Static

static

3

Plugins/CmdBar.dll

windows7-x64

1

Plugins/CmdBar.dll

windows10-2004-x64

1

betab.exe

windows7-x64

10

betab.exe

windows10-2004-x64

10

#/1.exe

windows7-x64

#/1.exe

windows10-2004-x64

#/2.exe

windows7-x64

#/2.exe

windows10-2004-x64

ioncube_lo...5.4.so

ubuntu-20.04-amd64

1

Analysis

  • max time kernel
    131s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-05-2024 19:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Plugins/CmdBar.dll

  • Size

    63KB

  • MD5

    6c7ba28fd1aacd8c4f5c46f76b855199

  • SHA1

    c908a3763dda6ed0bc59a3030e080852a15fc6ec

  • SHA256

    f9cf91a8c49149c7b05f61185a869af9878a73a19905bad07fa7ac83fe4ed46e

  • SHA512

    25854d739fdb61a925f4a2f97f01201c10f1d2286239a0d291a6c1003404d50f43934399cab7d2dc338c43b10eca7f937c4bcd047e279b474909689a83f5405c

  • SSDEEP

    1536:v2kXPRaKjgeTmBsrZWdpIty325HS67wGsGYtI:v24RF3Hw3EHSk

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\CmdBar.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3680
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\CmdBar.dll,#1
      2⤵
        PID:1240

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1240-0-0x0000000000CB0000-0x0000000000CC7000-memory.dmp

      Filesize

      92KB

      Download