Overview
overview
10Static
static
1023a66b32df...98.exe
windows7-x64
723a66b32df...98.exe
windows10-2004-x64
7$PLUGINSDI...ol.dll
windows7-x64
3$PLUGINSDI...ol.dll
windows10-2004-x64
3$PLUGINSDI...re.dll
windows7-x64
3$PLUGINSDI...re.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDI...om.dll
windows7-x64
7$PLUGINSDI...om.dll
windows10-2004-x64
7API.dll
windows7-x64
1API.dll
windows10-2004-x64
1Accessibility.dll
windows7-x64
1Accessibility.dll
windows10-2004-x64
1AntivirusLibrary.dll
windows7-x64
1AntivirusLibrary.dll
windows10-2004-x64
1Brand.dll
windows7-x64
1Brand.dll
windows10-2004-x64
1CacApp.exe
windows7-x64
1CacApp.exe
windows10-2004-x64
1CacApp.exe
windows7-x64
1CacApp.exe
windows10-2004-x64
1D3DCompile...r3.dll
windows10-2004-x64
3DirectWrit...er.dll
windows7-x64
1DirectWrit...er.dll
windows10-2004-x64
1DotNetZip.dll
windows7-x64
1DotNetZip.dll
windows10-2004-x64
1EndpointPr...et.dll
windows7-x64
1Analysis
-
max time kernel
117s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
23-05-2024 12:12
Behavioral task
behavioral1
Sample
23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/SysRestore.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/SysRestore.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsRandom.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral15
Sample
API.dll
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
API.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
Accessibility.dll
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
Accessibility.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral19
Sample
AntivirusLibrary.dll
Resource
win7-20240220-en
Behavioral task
behavioral20
Sample
AntivirusLibrary.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral21
Sample
Brand.dll
Resource
win7-20240221-en
Behavioral task
behavioral22
Sample
Brand.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral23
Sample
CacApp.exe
Resource
win7-20240221-en
Behavioral task
behavioral24
Sample
CacApp.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral25
Sample
CacApp.exe
Resource
win7-20240221-en
Behavioral task
behavioral26
Sample
CacApp.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral27
Sample
D3DCompiler_47_cor3.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral28
Sample
DirectWriteForwarder.dll
Resource
win7-20240508-en
Behavioral task
behavioral29
Sample
DirectWriteForwarder.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral30
Sample
DotNetZip.dll
Resource
win7-20240220-en
Behavioral task
behavioral31
Sample
DotNetZip.dll
Resource
win10v2004-20240426-en
Behavioral task
behavioral32
Sample
EndpointProtectionClient.Net.dll
Resource
win7-20240221-en
General
-
Target
DirectWriteForwarder.dll
-
Size
498KB
-
MD5
a4fbb20df26708545a2d5457c9390c6f
-
SHA1
255daed711ef0811dd29f1f54cebd0a03dcc8b5f
-
SHA256
6d14d8aa8dc7539ef0ad275a436e37cb0b67f6b2406638fece93eee419bcfdc1
-
SHA512
3de61d39ac4dc1e048d9fe6dcc553139541043d37dbd44c0b2073ac59a919e6e11fa535ae1f4d51692a36ed99d7f5af028ddcdd01e9782db037268bdd2f7a791
-
SSDEEP
6144:HtsL4Mi515WAQKe+xg3S0p67Vc646hSpvEoxIVfRvbaQj0gkjaCIBl+ygpZ+hElr:HtsL0NCf3BUjauoZFw9JTumHgoq2
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid Process procid_target PID 1368 wrote to memory of 2604 1368 rundll32.exe 28 PID 1368 wrote to memory of 2604 1368 rundll32.exe 28 PID 1368 wrote to memory of 2604 1368 rundll32.exe 28 PID 1368 wrote to memory of 2604 1368 rundll32.exe 28 PID 1368 wrote to memory of 2604 1368 rundll32.exe 28 PID 1368 wrote to memory of 2604 1368 rundll32.exe 28 PID 1368 wrote to memory of 2604 1368 rundll32.exe 28