Overview

overview

10

Static

static

7

ead791414b...d4.exe

windows7-x64

7

ead791414b...d4.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

114IE.exe

windows7-x64

10

114IE.exe

windows10-2004-x64

10

bin/114Web.exe

windows7-x64

1

bin/114Web.exe

windows10-2004-x64

1

bin/Addr.dll

windows7-x64

3

bin/Addr.dll

windows10-2004-x64

3

bin/CameraDll.dll

windows7-x64

1

bin/CameraDll.dll

windows10-2004-x64

1

bin/SnapShot.exe

windows7-x64

1

bin/SnapShot.exe

windows10-2004-x64

1

bin/TGHistory.dll

windows7-x64

1

bin/TGHistory.dll

windows10-2004-x64

1

bin/TGMail.dll

windows7-x64

1

bin/TGMail.dll

windows10-2004-x64

1

bin/TGNetWork.dll

windows7-x64

1

bin/TGNetWork.dll

windows10-2004-x64

3

bin/TGRes.dll

windows7-x64

1

bin/TGRes.dll

windows10-2004-x64

1

bin/shdoclc.dll

windows7-x64

1

bin/shdoclc.dll

windows10-2004-x64

1

uninst.exe

windows7-x64

7

uninst.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    94s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-07-2024 23:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin/TGMail.dll

  • Size

    10KB

  • MD5

    0dd252c56a284ca392bdee7dc25e3ee4

  • SHA1

    a04667d967f6fe552f63b8e6c099d437bfec15ed

  • SHA256

    f0a824ec3a5626a0764d9b1c9f3e0e4032a34f4724ec235d8baf79797a299aa0

  • SHA512

    bdc29d30979b9a34e46390e09fb9a368e5f6bae39d018fe8da6b61b37052baba6089d469d654dc5c9d9389c68b8752b92c2c06d73791a3600a1dc7ca12cf6bfc

  • SSDEEP

    192:0ypZrJeGEccLrOfOZfS3XuEq39SkazQpkqs1IZiwfCx+ebCfXZmG:0ypZdFEccLifOZf++m31+NCnbC

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\TGMail.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5080
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\TGMail.dll,#1
      2⤵
        PID:3516

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads