Resubmissions
26/06/2024, 19:13
240626-xw3v2syepc 7
Analysis
max time kernel: 150s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 26/06/2024, 19:13
Behavioral task: behavioral1
Sample: REALEcliptic_Build_4.0.5/ECLIPSE_4.0.5.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral2
Sample: REALEcliptic_Build_4.0.5/bin/drawUi.dll
Resource: win10v2004-20240611-en
Behavioral task: behavioral3
Sample: REALEcliptic_Build_4.0.5/bin/glew32.dll
Resource: win10v2004-20240508-en
General
Target: REALEcliptic_Build_4.0.5/bin/drawUi.dll
Size: 281KB
MD5: 19a137530140343516b062de921cf8a0
SHA1: 7bb80fec979b0f35288f5e7db00b5f78553eb433
SHA256: a7602caf28804eed07b682eacf6c9f31a0e89d5f05ba91578ca97126baa85f22
SHA512: 1894cac10367705fbbcdc6cff78525566efaa950cf251c8484697e7cbba441c2892b1a88effbcb7c240c3c29061ada1e348601bef8c77f124e8e4b3081fd43c2
SSDEEP: 6144:nBJcwigsUb7pvN+HwWL3RgcGRW9S6yK5Q0M+KM:BJcwHbVF+HwU33NyKx
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 3496 wrote to memory of 3492  3496  rundll32.exe  82
PID 3496 wrote to memory of 3492  3496  rundll32.exe  82
PID 3496 wrote to memory of 3492  3496  rundll32.exe  82
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\REALEcliptic_Build_4.0.5\bin\drawUi.dll,#11
- Suspicious use of WriteProcessMemory
PID: 3496
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\REALEcliptic_Build_4.0.5\bin\drawUi.dll,#12
PID: 3492