Overview

overview

7

Static

static

3

tbassass-v110901.exe

windows7-x64

7

tbassass-v110901.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

7z.dll

windows7-x64

1

7z.dll

windows10-2004-x64

3

7z.exe

windows7-x64

1

7z.exe

windows10-2004-x64

1

GTA.exe

windows7-x64

7

GTA.exe

windows10-2004-x64

7

Resource/B...us.dll

windows7-x64

1

Resource/B...us.dll

windows10-2004-x64

1

Resource/B...s0.dll

windows7-x64

1

Resource/B...s0.dll

windows10-2004-x64

1

Resource/B...s0.dll

windows7-x64

1

Resource/B...s0.dll

windows10-2004-x64

1

Resource/Bins/G.dll

windows7-x64

1

Resource/Bins/G.dll

windows10-2004-x64

1

Resource/Bins/Gax.dll

windows7-x64

3

Resource/Bins/Gax.dll

windows10-2004-x64

3

Resource/B...PI.dll

windows7-x64

1

Resource/B...PI.dll

windows10-2004-x64

1

Resource/Bins/hyp.dll

windows7-x64

1

Resource/Bins/hyp.dll

windows10-2004-x64

1

Resource/Bins/xml.dll

windows7-x64

1

Resource/Bins/xml.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12-07-2024 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Resource/Bins/AppPlus.dll

  • Size

    80KB

  • MD5

    5f914a89bf4ed84141c66da479e1bc22

  • SHA1

    94d580f012dfd5fd6c5ec2b1ea6cecb4d11b8bdf

  • SHA256

    cd334e4cabe7b3600ec792ed0cf5e7e2bfa4c50f1b1dfbfb20d4bee0f347df89

  • SHA512

    702e403637f9441e946d94c7d4c86bf0efed2ac14d9125625502fe9ca962528bd9ab91435deb82c915987b30e17e8af43cc8c96cae869c59e0c9d0d5eaa7c86d

  • SSDEEP

    768:y1lGBHTWWiKShScAZtFgDGTGdECHqtl7PDlJNLAa9B8oCspG:yvGBHUKShScA3GKTqEL3lJVpUoCspG

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Resource\Bins\AppPlus.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Resource\Bins\AppPlus.dll,#1
      2⤵
        PID:592

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads