Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240215-en
resource tags: arch:x64, arch:x86, image:win7-20240215-en, locale:en-us, os:windows7-x64, system
submitted: 22-05-2024 01:59
Tasks
Static task: static1
Behavioral task behavioral1: sample WeChat Lite 2.6.2/WCLUpdata.exe, resource win7-20240221-en
Behavioral task behavioral2: sample WeChat Lite 2.6.2/WCLUpdata.exe, resource win10v2004-20240508-en
Behavioral task behavioral3: sample WeChat Lite 2.6.2/WeChat.exe, resource win7-20240221-en
Behavioral task behavioral4: sample WeChat Lite 2.6.2/WeChat.exe, resource win10v2004-20240508-en
Behavioral task behavioral5: sample WeChat Lite 2.6.2/message.dll, resource win7-20240215-en
Behavioral task behavioral6: sample WeChat Lite 2.6.2/message.dll, resource win10v2004-20240508-en
General
Target: WeChat Lite 2.6.2/message.dll
Size: 740KB
MD5: 4339fa3d77075d1fd7584a59c48b5efc
SHA1: 34e05f32ad1f84f5438812177b8aa07b109d7eec
SHA256: 5781fc2d930e7043379bcea99d87d1ad163d0f49708c9839e0919f05d8d88529
SHA512: 9004712ef73ec7fcb9721973d46c42fddaa8fec9b41696f795c01ed46bbd4b3635bde568eede5e9282cc4464f3638665347ac71fa17086ec0c3e07e5283ebb8b
SSDEEP: 6144:S1n4HBaynv7pTG07uE0+oCLG30vOr4aAEu1k6cQiICsaRhoClYTckNCtjzPm+rAf:S14akjpTG0CE/jOQS6td1CYlC1YX
Malware Config

Signatures

Suspicious use of SetWindowsHookEx (1 IoC)
Processes:
pid   process
2156  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
description                       pid   process       target process
PID 1756 wrote to memory of 2156  1756  rundll32.exe  2156 rundll32.exe
PID 1756 wrote to memory of 2156  1756  rundll32.exe  2156 rundll32.exe
PID 1756 wrote to memory of 2156  1756  rundll32.exe  2156 rundll32.exe
PID 1756 wrote to memory of 2156  1756  rundll32.exe  2156 rundll32.exe
PID 1756 wrote to memory of 2156  1756  rundll32.exe  2156 rundll32.exe
PID 1756 wrote to memory of 2156  1756  rundll32.exe  2156 rundll32.exe
PID 1756 wrote to memory of 2156  1756  rundll32.exe  2156 rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WeChat Lite 2.6.2\message.dll",#1
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe (child of the process above)
    command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WeChat Lite 2.6.2\message.dll",#1
    - Suspicious use of SetWindowsHookEx