Overview
overview  3
Static
static  3
HKCDelFile.sys  windows7-x64  1
HKCDelFile.sys  windows10-2004-x64  1
hkcsa.exe  windows7-x64  1
hkcsa.exe  windows10-2004-x64  1
icmp.dll  windows7-x64  1
icmp.dll  windows10-2004-x64  1
msfix.dll  windows7-x64  1
msfix.dll  windows10-2004-x64  1
plugscan.dll  windows7-x64  1
plugscan.dll  windows10-2004-x64  1
新云软件.url  windows7-x64  1
新云软件.url  windows10-2004-x64  1
Analysis
max time kernel: 15s
max time network: 19s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 10/07/2024, 14:17
Static task static1
Behavioral task behavioral1: Sample HKCDelFile.sys, Resource win7-20240705-en
Behavioral task behavioral2: Sample HKCDelFile.sys, Resource win10v2004-20240709-en
Behavioral task behavioral3: Sample hkcsa.exe, Resource win7-20240708-en
Behavioral task behavioral4: Sample hkcsa.exe, Resource win10v2004-20240709-en
Behavioral task behavioral5: Sample icmp.dll, Resource win7-20240704-en
Behavioral task behavioral6: Sample icmp.dll, Resource win10v2004-20240709-en
Behavioral task behavioral7: Sample msfix.dll, Resource win7-20240705-en
Behavioral task behavioral8: Sample msfix.dll, Resource win10v2004-20240709-en
Behavioral task behavioral9: Sample plugscan.dll, Resource win7-20240705-en
Behavioral task behavioral10: Sample plugscan.dll, Resource win10v2004-20240709-en
Behavioral task behavioral11: Sample 新云软件.url, Resource win7-20240705-en
Behavioral task behavioral12: Sample 新云软件.url, Resource win10v2004-20240709-en
General
Target: icmp.dll
Size: 3KB
MD5: 67e3e7be9be25202604eccbde795d93d
SHA1: 69d030277fbe63e33e399678416a80a29d68e69f
SHA256: 0591d0a536e3eacb642d64a52df122839c4dade741da8c474a1d0d7d457c0a05
SHA512: 950c84e7d8128310dbc29034ecd420183d2489c6d382357a922b50913e7dcfd05898469336097a31aedea83db5073a915f1c3f8d6d411333c79a34e520b8769e
Malware Config
Signatures
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2488 wrote to memory of 2968 | 2488 | rundll32.exe | 29
PID 2488 wrote to memory of 2968 | 2488 | rundll32.exe | 29
PID 2488 wrote to memory of 2968 | 2488 | rundll32.exe | 29