Overview

overview

10

Static

static

3

AvastProxy...xy.exe

windows7-x64

10

AvastProxy...xy.exe

windows10-2004-x64

10

AvastProxyQUY/wsc.dll

windows7-x64

1

AvastProxyQUY/wsc.dll

windows10-2004-x64

1

How Cathol...e.docx

windows7-x64

4

How Cathol...e.docx

windows10-2004-x64

1

How Cathol...ve.exe

windows7-x64

4

How Cathol...ve.exe

windows10-2004-x64

7

wwlib.dll

windows7-x64

8

wwlib.dll

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    31-05-2024 06:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AvastProxyQUY/wsc.dll

  • Size

    76KB

  • MD5

    53d595328512b3e30d14c69a0c16ebbe

  • SHA1

    1f0a08cd1c4b6558557ad31337f78153e4b55e0e

  • SHA256

    daedb4c0bb841423f66a67d169d6831075c4df98d7823857be76f280752127c7

  • SHA512

    819c61b6867538d33610102f20b1921f19fc940e6f4df7489aae697086869c01405be852a03da78ad18114c98dcf8f1d259e6474c1c9deca24e9216bfe64d4de

  • SSDEEP

    768:YkLNJ1Eim6gd/yi04rjnojhKKjLrG3I93XghCbtee9pe:TJ6LdZfKsIOktee9g

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\AvastProxyQUY\wsc.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\AvastProxyQUY\wsc.dll,#1
      2⤵
        PID:1616

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads