Overview

overview

7

Static

static

3

tbassass-v110901.exe

windows7-x64

7

tbassass-v110901.exe

windows10-2004-x64

7

$PLUGINSDI...RL.dll

windows7-x64

3

$PLUGINSDI...RL.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

7z.dll

windows7-x64

1

7z.dll

windows10-2004-x64

3

7z.exe

windows7-x64

1

7z.exe

windows10-2004-x64

1

GTA.exe

windows7-x64

7

GTA.exe

windows10-2004-x64

7

Resource/B...us.dll

windows7-x64

1

Resource/B...us.dll

windows10-2004-x64

1

Resource/B...s0.dll

windows7-x64

1

Resource/B...s0.dll

windows10-2004-x64

1

Resource/B...s0.dll

windows7-x64

1

Resource/B...s0.dll

windows10-2004-x64

1

Resource/Bins/G.dll

windows7-x64

1

Resource/Bins/G.dll

windows10-2004-x64

1

Resource/Bins/Gax.dll

windows7-x64

3

Resource/Bins/Gax.dll

windows10-2004-x64

3

Resource/B...PI.dll

windows7-x64

1

Resource/B...PI.dll

windows10-2004-x64

1

Resource/Bins/hyp.dll

windows7-x64

1

Resource/Bins/hyp.dll

windows10-2004-x64

1

Resource/Bins/xml.dll

windows7-x64

1

Resource/Bins/xml.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

新云软件.url

windows7-x64

1

新云软件.url

windows10-2004-x64

1

Analysis

  • max time kernel
    92s
  • max time network
    96s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/07/2024, 00:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Resource/Bins/xml.dll

  • Size

    84KB

  • MD5

    64ae9d3408769a65b262106451e3528c

  • SHA1

    61c598443103cb9cd85d39e8ba231f5643624235

  • SHA256

    3454ec5af915b76969b1619c2c73e7136fcbf031e4c33f3cd8cf6b8b87f9aeb9

  • SHA512

    d6a5a1f9a653c089cd64c1aeb2f8a4270593eadfba7acd700505524e3c172ad204107f6dd6a7f28ba84a2fd85e7b04637aa9de0b038efe85525afca43024eace

  • SSDEEP

    1536:zi67XayAvZcDFaYruTJY+R8gZaGor9SfhS05:267XayAxcDXkagMGorwfES

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Resource\Bins\xml.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4632
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Resource\Bins\xml.dll,#1
      2⤵
        PID:4608

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads