Overview

overview

7

Static

static

3

a2695767d5...18.exe

windows7-x64

7

a2695767d5...18.exe

windows10-2004-x64

7

$PLUGINSDI...nz.dll

windows7-x64

3

$PLUGINSDI...nz.dll

windows10-2004-x64

3

$PLUGINSDIR/vioij.dll

windows7-x64

1

$PLUGINSDIR/vioij.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    51s
  • max time network
    56s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/06/2024, 21:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/vioij.dll

  • Size

    125KB

  • MD5

    d881eaa44c1ea41c7c01dc9fece62729

  • SHA1

    a6738529f3a0411aa9632cbfb85f1c00089e962a

  • SHA256

    106db993d66af7aefc0aea59b9023fc10a1305c9bd46ea1bd1b4f6a2c9bf50be

  • SHA512

    e9958493b2452ad63d7374d169f43805cd1d5b2d222c9d719d73d6b21081d42e3103db908e602837fcc2bc3bebecc3106ab3b13df080e1863ba808192695b300

  • SSDEEP

    3072:kclQ3DXue5DAxP0gYi9babpPjBWDJapmE:Z+juea0/iNabxEDJapmE

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vioij.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1784
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\vioij.dll,#1
      2⤵
        PID:1460

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads