Overview
overview
10Static
static
10access.dll
windows7-x64
1access.dll
windows10-2004-x64
1l2c.exe
windows7-x64
10l2c.exe
windows10-2004-x64
10l2cserv.exe
windows7-x64
10l2cserv.exe
windows10-2004-x64
10l2net.exe
windows7-x64
10l2net.exe
windows10-2004-x64
10l2update.exe
windows7-x64
7l2update.exe
windows10-2004-x64
7proc.dll
windows7-x64
1proc.dll
windows10-2004-x64
3Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
04-06-2024 08:36
Behavioral task
behavioral1
Sample
access.dll
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
access.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral3
Sample
l2c.exe
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
l2c.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
l2cserv.exe
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
l2cserv.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
l2net.exe
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
l2net.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
l2update.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
l2update.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral11
Sample
proc.dll
Resource
win7-20240419-en
Behavioral task
behavioral12
Sample
proc.dll
Resource
win10v2004-20240508-en
General
-
Target
access.dll
-
Size
52KB
-
MD5
68557856c6851353c1578b7cb5b4e71e
-
SHA1
53596c8a185143fca8cb3890155369b6495aebad
-
SHA256
e62eea6b342443b075fe1cedebf2eba82448524197abce17263d2d00cc0aed61
-
SHA512
f84e7a169c0b52be5d261d2e6c49b030443760b82a3e3437e1281c7f98d46345f8519309471f97dc80aa42d7d18ba4b8e80d07681c48ead0ef26e5732eb3f24b
-
SSDEEP
384:BXzN3gJdY59tTulkbETxYJx6y2DfiqoYBUcz837yI4h9lxovS1fJuUIiho38o8OP:BjmwTulXtEOfZBe7kHovsJI38od54
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
regsvr32.exedescription pid process target process PID 2640 wrote to memory of 4048 2640 regsvr32.exe regsvr32.exe PID 2640 wrote to memory of 4048 2640 regsvr32.exe regsvr32.exe PID 2640 wrote to memory of 4048 2640 regsvr32.exe regsvr32.exe