Overview
overview
10Static
static
10TotalAV.exe
windows7-x64
7TotalAV.exe
windows10-2004-x64
7System.Com...ns.dll
windows7-x64
1System.Com...ns.dll
windows10-2004-x64
1System.Com...nc.dll
windows7-x64
1System.Com...nc.dll
windows10-2004-x64
1System.Com...es.dll
windows7-x64
1System.Com...es.dll
windows10-2004-x64
1System.Com...er.dll
windows7-x64
1System.Com...er.dll
windows10-2004-x64
1System.Com...el.dll
windows7-x64
1System.Com...el.dll
windows10-2004-x64
1System.Con...er.dll
windows7-x64
1System.Con...er.dll
windows10-2004-x64
1System.Con...on.dll
windows7-x64
1System.Con...on.dll
windows10-2004-x64
1System.Console.dll
windows7-x64
1System.Console.dll
windows10-2004-x64
1System.Core.dll
windows7-x64
1System.Core.dll
windows10-2004-x64
1System.Dat...on.dll
windows7-x64
1System.Dat...on.dll
windows10-2004-x64
1System.Dat...ns.dll
windows7-x64
1System.Dat...ns.dll
windows10-2004-x64
1System.Dat...F6.dll
windows7-x64
1System.Dat...F6.dll
windows10-2004-x64
1System.Dat...te.dll
windows7-x64
1System.Dat...te.dll
windows10-2004-x64
1System.Dat...nt.dll
windows7-x64
1System.Dat...nt.dll
windows10-2004-x64
1System.Data.dll
windows7-x64
1System.Data.dll
windows10-2004-x64
1Analysis
-
max time kernel
1563s -
max time network
1573s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
12/07/2024, 01:29 UTC
Behavioral task
behavioral1
Sample
TotalAV.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral2
Sample
TotalAV.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
System.ComponentModel.DataAnnotations.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
System.ComponentModel.DataAnnotations.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
System.ComponentModel.EventBasedAsync.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
System.ComponentModel.EventBasedAsync.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
System.ComponentModel.Primitives.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
System.ComponentModel.Primitives.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
System.ComponentModel.TypeConverter.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
System.ComponentModel.TypeConverter.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
System.ComponentModel.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
System.ComponentModel.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
System.Configuration.ConfigurationManager.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral14
Sample
System.Configuration.ConfigurationManager.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
System.Configuration.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
System.Configuration.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
System.Console.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral18
Sample
System.Console.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
System.Core.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral20
Sample
System.Core.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
System.Data.Common.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
System.Data.Common.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
System.Data.DataSetExtensions.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
System.Data.DataSetExtensions.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
System.Data.SQLite.EF6.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral26
Sample
System.Data.SQLite.EF6.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
System.Data.SQLite.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
System.Data.SQLite.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
System.Data.SqlClient.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral30
Sample
System.Data.SqlClient.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
System.Data.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral32
Sample
System.Data.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
System.ComponentModel.EventBasedAsync.dll
-
Size
46KB
-
MD5
85d20e23388d25b8955b02fab8d2c1e0
-
SHA1
7cda8864afa3bd85fe6be57719731ee41989849d
-
SHA256
98ccfbdc64490d49b5893288e7acad0831eefc015b9743b75aac146e599df9a9
-
SHA512
21c9a325361ba8c989b61801fb63e7ca1d5a95aaa2bb6c8fd0f3875d9104f79e8fb694b852497b008f4f9ee259468841be7e490e4df34eb816a00b0157f7e795
-
SSDEEP
384:bWTwWifTTZa1IdWBj/D3fM57bQfL9XkWovbJKfCvDXxO88+aEZ4jIwVQBvyW1QUg:0Dlzfw7EBWd88IVq4F/it9zO/f
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1660 wrote to memory of 2396 1660 rundll32.exe 31 PID 1660 wrote to memory of 2396 1660 rundll32.exe 31 PID 1660 wrote to memory of 2396 1660 rundll32.exe 31 PID 1660 wrote to memory of 2396 1660 rundll32.exe 31 PID 1660 wrote to memory of 2396 1660 rundll32.exe 31 PID 1660 wrote to memory of 2396 1660 rundll32.exe 31 PID 1660 wrote to memory of 2396 1660 rundll32.exe 31
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\System.ComponentModel.EventBasedAsync.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1660 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\System.ComponentModel.EventBasedAsync.dll,#12⤵PID:2396
-