Overview
overview
7Static
static
7IEProt-v2.0.708.1.exe
windows7-x64
7IEProt-v2.0.708.1.exe
windows10-2004-x64
7$COMMONFIL...xt.dll
windows7-x64
1$COMMONFIL...xt.dll
windows10-2004-x64
1$COMMONFIL...an.dll
windows7-x64
1$COMMONFIL...an.dll
windows10-2004-x64
1$COMMONFIL...fe.dll
windows7-x64
6$COMMONFIL...fe.dll
windows10-2004-x64
6$COMMONFIL...an.dll
windows7-x64
1$COMMONFIL...an.dll
windows10-2004-x64
3$COMMONFIL...og.dll
windows7-x64
1$COMMONFIL...og.dll
windows10-2004-x64
1$COMMONFIL...fe.dll
windows7-x64
3$COMMONFIL...fe.dll
windows10-2004-x64
3$COMMONFIL...n7.dll
windows7-x64
1$COMMONFIL...n7.dll
windows10-2004-x64
1$COMMONFIL...rl.dll
windows7-x64
1$COMMONFIL...rl.dll
windows10-2004-x64
1$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...et.dll
windows7-x64
3$PLUGINSDI...et.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...Ad.dll
windows7-x64
3$PLUGINSDI...Ad.dll
windows10-2004-x64
3$TEMP/updatesafe.exe
windows7-x64
1$TEMP/updatesafe.exe
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
04/07/2024, 22:34
Behavioral task
behavioral1
Sample
IEProt-v2.0.708.1.exe
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral2
Sample
IEProt-v2.0.708.1.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$COMMONFILES/Angels/IEMenuExt.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
$COMMONFILES/Angels/IEMenuExt.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$COMMONFILES/Angels/IEScan.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral6
Sample
$COMMONFILES/Angels/IEScan.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$COMMONFILES/Angels/IEsafe.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
$COMMONFILES/Angels/IEsafe.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$COMMONFILES/Angels/Scan.dll
Resource
win7-20240611-en
windows7-x64
Behavioral task
behavioral10
Sample
$COMMONFILES/Angels/Scan.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$COMMONFILES/Angels/SrLog.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral12
Sample
$COMMONFILES/Angels/SrLog.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$COMMONFILES/Angels/WebSafe.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
$COMMONFILES/Angels/WebSafe.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$COMMONFILES/Angels/srwin7.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral16
Sample
$COMMONFILES/Angels/srwin7.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$COMMONFILES/Angels/xFoCtrl.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
$COMMONFILES/Angels/xFoCtrl.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/Internet.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/Internet.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
$PLUGINSDIR/KillProcDLL.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsWebAd.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsWebAd.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
$TEMP/updatesafe.exe
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral32
Sample
$TEMP/updatesafe.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
$COMMONFILES/Angels/Scan.dll
-
Size
1.2MB
-
MD5
065f9de874ca386a578df94fa000017c
-
SHA1
d59779e9651942a410ad79e0823a3658cda24466
-
SHA256
5bf0e00dc589b4464f78c105b016060424a245f0ee6b94f6af8f3f0f053c07ee
-
SHA512
076a240600b118bf98a664fa7d3cabeda9efb8b91d5a78c23ee9e00d86a1927d55cc43da0f0831199f631ef1e0213109cce05e31155163203b4327b9c689c972
-
SSDEEP
24576:SgcIwdCFEXGwz6Ff78H8KZ7SI7ErlB6azPTkkkkkkkkkkkkkkUkkkkkkkkkkkkkD:SgcIwi5nQ24EreytZ2c
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2032 wrote to memory of 1640 2032 rundll32.exe 28 PID 2032 wrote to memory of 1640 2032 rundll32.exe 28 PID 2032 wrote to memory of 1640 2032 rundll32.exe 28 PID 2032 wrote to memory of 1640 2032 rundll32.exe 28 PID 2032 wrote to memory of 1640 2032 rundll32.exe 28 PID 2032 wrote to memory of 1640 2032 rundll32.exe 28 PID 2032 wrote to memory of 1640 2032 rundll32.exe 28