Overview
overview
10Static
static
10access.dll
windows7-x64
1access.dll
windows10-2004-x64
1l2c.exe
windows7-x64
10l2c.exe
windows10-2004-x64
10l2cserv.exe
windows7-x64
10l2cserv.exe
windows10-2004-x64
10l2net.exe
windows7-x64
10l2net.exe
windows10-2004-x64
10l2update.exe
windows7-x64
7l2update.exe
windows10-2004-x64
7proc.dll
windows7-x64
1proc.dll
windows10-2004-x64
3Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
04-06-2024 08:36
Behavioral task
behavioral1
Sample
access.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
access.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
l2c.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
l2c.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
l2cserv.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
l2cserv.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
l2net.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
l2net.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
l2update.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
l2update.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
proc.dll
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
proc.dll
Resource
win10v2004-20240508-en
General
-
Target
proc.dll
-
Size
462KB
-
MD5
6aac836bde08d9c6fee6c91cc1ac631f
-
SHA1
b10817a68208bbeb22172afcd40227a35cee4cda
-
SHA256
f9d9b9d36c6077f75f86343fcd4cddb1dc4965d42c77e19f60e2515f97e7571b
-
SHA512
d9901d553bdf0acb92ed0b92bd14ec4f9d11e7ffeb534ae4fe664e14bfe917d2434f09e945c07bdc0b4da0dc13cb65829c7f066ee6d87452ba5bbbcdf900a1b4
-
SSDEEP
6144:HEKrFfU19u5mbwAKKzqMmrDmM6GBCpBns2OJBCQf3rt63AQ49VYDQxc/D:HEKlGu5mk/KzqMmr91p2ECQfw3CVYHD
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
rundll32.exedescription pid process target process PID 2424 wrote to memory of 2056 2424 rundll32.exe rundll32.exe PID 2424 wrote to memory of 2056 2424 rundll32.exe rundll32.exe PID 2424 wrote to memory of 2056 2424 rundll32.exe rundll32.exe PID 2424 wrote to memory of 2056 2424 rundll32.exe rundll32.exe PID 2424 wrote to memory of 2056 2424 rundll32.exe rundll32.exe PID 2424 wrote to memory of 2056 2424 rundll32.exe rundll32.exe PID 2424 wrote to memory of 2056 2424 rundll32.exe rundll32.exe