Analysis
- max time kernel: 120s
- max time network: 120s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 29/05/2024, 13:35
Behavioral task: behavioral1
Sample: Asus Spoofer.exe
Resource: win7-20231129-en
General
- Target: Asus Spoofer.exe
- Size: 20.0MB
- MD5: 5a7090bcd6bbe21b0137e3e6d05deb62
- SHA1: 10c45eae193ce28da991ed8fbda13680dc1fdd26
- SHA256: a62fbb8137b590bcf3523ea2e611426570de44a35b90dde23c708923f5b63b83
- SHA512: 2bf18a57deb9b725c3316b59bf775e3f3f23d48d057b972e2cf69a7b2ee5ab819915bf2a9aecb12192c8e949f42a79c8068dbe6d6a8853285a6f12615a229507
- SSDEEP: 393216:yv9zcQqKXG5L1V8dXurEUWjc3z9WDcD4jv60bbMemnC:U9gQTXaRkdbc0k4r3bbZmC
Malware Config
Signatures
- Loads dropped DLL (1 IoC)
  pid: 2364, Process: Asus Spoofer.exe
- resource: behavioral1/files/0x0005000000019ecb-103.dat, yara_rule: upx
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2244 wrote to memory of 2364, pid: 2244, Process: Asus Spoofer.exe, procid_target: 28
  description: PID 2244 wrote to memory of 2364, pid: 2244, Process: Asus Spoofer.exe, procid_target: 28
  description: PID 2244 wrote to memory of 2364, pid: 2244, Process: Asus Spoofer.exe, procid_target: 28
Processes
- C:\Users\Admin\AppData\Local\Temp\Asus Spoofer.exe
  "C:\Users\Admin\AppData\Local\Temp\Asus Spoofer.exe"
  - Suspicious use of WriteProcessMemory
  PID: 2244
  - C:\Users\Admin\AppData\Local\Temp\Asus Spoofer.exe
    "C:\Users\Admin\AppData\Local\Temp\Asus Spoofer.exe"
    - Loads dropped DLL
    PID: 2364
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 1.6MB
  MD5: 069b018273ea88565919dbc1ffd48334
  SHA1: 8037d5ba2bbdad460469457683b8a3474999d990
  SHA256: c0472e1f16648a3adaba4e012d518a69c74e5649a65097c16eedf0231fd75ee4
  SHA512: 63e0e6a75334b1d4a4c0da76d199ea7f87ebb8ea768f81bd09b2170cd1cb0d8cf979ae6678d8a4359457ff3c676723a6256b54f2a2077cc419fbc9aa7ce484b5