Overview, overview: 7
Static, static: 7
Valkyrie.exe, windows7-x64: 1
Valkyrie.exe, windows10-2004-x64: 1
WallHack.dll, windows7-x64: 7
WallHack.dll, windows10-2004-x64: 7
x64/msvcr100.dll, windows7-x64: 1
x64/msvcr100.dll, windows10-2004-x64: 1
x64/msvcr100d.dll, windows7-x64: 1
x64/msvcr100d.dll, windows10-2004-x64: 1
x86/msvcr100.dll, windows7-x64: 3
x86/msvcr100.dll, windows10-2004-x64: 3
x86/msvcr100d.dll, windows7-x64: 3
x86/msvcr100d.dll, windows10-2004-x64: 3
Analysis
max time kernel: 93s
max time network: 96s
platform: windows10-2004_x64
resource: win10v2004-20240704-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system
submitted: 09-07-2024 09:38
Behavioral tasks (task, sample, resource)
behavioral1, Valkyrie.exe, win7-20240704-en
behavioral2, Valkyrie.exe, win10v2004-20240704-en
behavioral3, WallHack.dll, win7-20240704-en
behavioral4, WallHack.dll, win10v2004-20240704-en
behavioral5, x64/msvcr100.dll, win7-20240705-en
behavioral6, x64/msvcr100.dll, win10v2004-20240704-en
behavioral7, x64/msvcr100d.dll, win7-20240705-en
behavioral8, x64/msvcr100d.dll, win10v2004-20240704-en
behavioral9, x86/msvcr100.dll, win7-20240705-en
behavioral10, x86/msvcr100.dll, win10v2004-20240704-en
behavioral11, x86/msvcr100d.dll, win7-20240704-en
behavioral12, x86/msvcr100d.dll, win10v2004-20240704-en
General
Target: WallHack.dll
Size: 160KB
MD5: bb2404176b6b87c415374b77ba385c8b
SHA1: 5bfd694ce33c7003de417e1a9ad13bae3cfc229f
SHA256: 8872a08ea3127543abc403dfeabfb6418936d61e1c9c10d328bd7c7f26fb0fb0
SHA512: 0d48045b2a936d61c2d74db1a33f611533372943be57c00dc219a4f2ebd29e7e2e4a93181874b2a227d9b70d3d30c6ad05d22bd8ed4c3ff12f23ada4d154d644
SSDEEP: 3072:IsS25sV8jvkKilsNhlquXJR3ve4cxL9jFkWUCKEl9/GKcGj:IsSm6KkhmDlBZULw53aoKj
Malware Config
Signatures
resource, yara_rule
behavioral4/memory/3948-0-0x0000000075710000-0x0000000075760000-memory.dmp, vmprotect
behavioral4/memory/3948-1-0x0000000075710000-0x0000000075760000-memory.dmp, vmprotect

Suspicious use of NtSetInformationThreadHideFromDebugger (1 IoCs)
pid, Process
3948, rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description, pid, Process, procid_target
PID 4288 wrote to memory of 3948, 4288, rundll32.exe, 82
PID 4288 wrote to memory of 3948, 4288, rundll32.exe, 82
PID 4288 wrote to memory of 3948, 4288, rundll32.exe, 82
Processes
1. C:\Windows\system32\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\WallHack.dll,#1
   - Suspicious use of WriteProcessMemory
   PID: 4288
2. C:\Windows\SysWOW64\rundll32.exe
   rundll32.exe C:\Users\Admin\AppData\Local\Temp\WallHack.dll,#1
   - Suspicious use of NtSetInformationThreadHideFromDebugger
   PID: 3948