Overview
overview
7Static
static
7iUnlock GS...I2.dll
windows7-x64
1iUnlock GS...I2.dll
windows10-2004-x64
1iUnlock GS...ce.dll
windows7-x64
1iUnlock GS...ce.dll
windows10-2004-x64
1iUnlock GS...UI.dll
windows7-x64
1iUnlock GS...UI.dll
windows10-2004-x64
1iUnlock GS...UI.dll
windows7-x64
1iUnlock GS...UI.dll
windows10-2004-x64
1iUnlock GS...on.dll
windows7-x64
1iUnlock GS...on.dll
windows10-2004-x64
1iUnlock GS...ns.dll
windows7-x64
1iUnlock GS...ns.dll
windows10-2004-x64
1iUnlock GS...on.dll
windows7-x64
1iUnlock GS...on.dll
windows10-2004-x64
1iUnlock GS...et.dll
windows7-x64
1iUnlock GS...et.dll
windows10-2004-x64
1iUnlock GS...ce.dll
windows7-x64
1iUnlock GS...ce.dll
windows10-2004-x64
1iUnlock GS...sk.exe
windows7-x64
7iUnlock GS...sk.exe
windows10-2004-x64
7iUnlock GS...09.dll
windows7-x64
1iUnlock GS...09.dll
windows10-2004-x64
1iUnlock GS...bK.dll
windows7-x64
1iUnlock GS...bK.dll
windows10-2004-x64
1iUnlock GS...r2.dll
windows7-x64
1iUnlock GS...r2.dll
windows10-2004-x64
1iUnlock GS...09.dll
windows7-x64
1iUnlock GS...09.dll
windows10-2004-x64
1iUnlock GS...86.dll
windows7-x64
1iUnlock GS...86.dll
windows10-2004-x64
1iUnlock GS...r2.dll
windows7-x64
4iUnlock GS...r2.dll
windows10-2004-x64
3Analysis
-
max time kernel
120s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
06-07-2024 00:41
Behavioral task
behavioral1
Sample
iUnlock GSM Ramdisk/Guna.UI2.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
iUnlock GSM Ramdisk/Guna.UI2.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
iUnlock GSM Ramdisk/MobileDevice.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral4
Sample
iUnlock GSM Ramdisk/MobileDevice.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
iUnlock GSM Ramdisk/SaaUI.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
iUnlock GSM Ramdisk/SaaUI.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
iUnlock GSM Ramdisk/Siticone.Desktop.UI.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral8
Sample
iUnlock GSM Ramdisk/Siticone.Desktop.UI.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
iUnlock GSM Ramdisk/SunnyUI.Common.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
iUnlock GSM Ramdisk/SunnyUI.Common.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
iUnlock GSM Ramdisk/System.ComponentModel.Annotations.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral12
Sample
iUnlock GSM Ramdisk/System.ComponentModel.Annotations.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
iUnlock GSM Ramdisk/System.Drawing.Common.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
iUnlock GSM Ramdisk/System.Drawing.Common.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
iUnlock GSM Ramdisk/TinyHome.Renci.SshNet.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
iUnlock GSM Ramdisk/TinyHome.Renci.SshNet.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
iUnlock GSM Ramdisk/iTunesMobileDevice.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
iUnlock GSM Ramdisk/iTunesMobileDevice.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
iUnlock GSM Ramdisk/iUnlock GSM Ramdisk.exe
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral20
Sample
iUnlock GSM Ramdisk/iUnlock GSM Ramdisk.exe
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/WdfCoInstaller01009.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral22
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/WdfCoInstaller01009.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/libusbK.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral24
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/libusbK.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/winusbcoinstaller2.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral26
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/amd64/winusbcoinstaller2.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/WdfCoInstaller01009.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/WdfCoInstaller01009.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/libusbK_x86.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/libusbK_x86.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/winusbcoinstaller2.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral32
Sample
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/winusbcoinstaller2.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
General
-
Target
iUnlock GSM Ramdisk/lib/.GASTER/.AppleMobileDeviceDFUMode/x86/libusbK_x86.dll
-
Size
82KB
-
MD5
bd03c4792f08f0c889441f49df9deb98
-
SHA1
157c8395159678a02fe55c1f60683b7d0f8e2a38
-
SHA256
e908fb5501d74f810948cacbe476658479f19f4d2aff14f9044f18981be9c6fc
-
SHA512
d8683012112ff9486eef436080f31469ef37be97ba12785d5b23c8f3190800645357436777b8b14da5af5c2342ec0aea6b47ba108d85f0fe3f2719e69d2fe90b
-
SSDEEP
1536:hiQXmKxOE4TrpFRsDrrywqNUNnzKJmtRwg4Ka9aqAe6MY4m:hiQWLdsDrrywqNUNncjg0Ae6MY4
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2880 wrote to memory of 1952 2880 rundll32.exe 28 PID 2880 wrote to memory of 1952 2880 rundll32.exe 28 PID 2880 wrote to memory of 1952 2880 rundll32.exe 28 PID 2880 wrote to memory of 1952 2880 rundll32.exe 28 PID 2880 wrote to memory of 1952 2880 rundll32.exe 28 PID 2880 wrote to memory of 1952 2880 rundll32.exe 28 PID 2880 wrote to memory of 1952 2880 rundll32.exe 28
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\iUnlock GSM Ramdisk\lib\.GASTER\.AppleMobileDeviceDFUMode\x86\libusbK_x86.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:2880 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\iUnlock GSM Ramdisk\lib\.GASTER\.AppleMobileDeviceDFUMode\x86\libusbK_x86.dll",#12⤵PID:1952
-