Overview
overview
10Static
static
7MedicareSi...rp.dll
windows7-x64
1MedicareSi...rp.dll
windows10-2004-x64
1MedicareSi...rt.exe
windows7-x64
7MedicareSi...rt.exe
windows10-2004-x64
10MedicareSi...er.dll
windows7-x64
1MedicareSi...er.dll
windows10-2004-x64
10MedicareSi...nt.dll
windows7-x64
5MedicareSi...nt.dll
windows10-2004-x64
5MedicareSi...nt.dll
windows7-x64
1MedicareSi...nt.dll
windows10-2004-x64
1MedicareSi...ct.dll
windows7-x64
3MedicareSi...ct.dll
windows10-2004-x64
3MedicareSi...32.dll
windows7-x64
1MedicareSi...32.dll
windows10-2004-x64
1MedicareSi...ls.dll
windows7-x64
3MedicareSi...ls.dll
windows10-2004-x64
3MedicareSi..._1.dll
windows7-x64
3MedicareSi..._1.dll
windows10-2004-x64
3MedicareSi...MD.dll
windows7-x64
3MedicareSi...MD.dll
windows10-2004-x64
3MedicareSi...rl.dll
windows7-x64
3MedicareSi...rl.dll
windows10-2004-x64
3MedicareSi...in.dll
windows7-x64
3MedicareSi...in.dll
windows10-2004-x64
3MedicareSi..._1.dll
windows7-x64
1MedicareSi..._1.dll
windows10-2004-x64
1MedicareSi...20.dll
windows7-x64
3MedicareSi...20.dll
windows10-2004-x64
3MedicareSign/opus.dll
windows7-x64
1MedicareSign/opus.dll
windows10-2004-x64
1MedicareSi...e3.dll
windows7-x64
1MedicareSi...e3.dll
windows10-2004-x64
3Analysis
-
max time kernel
120s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
15-07-2024 08:31
Behavioral task
behavioral1
Sample
MedicareSign/AstCrp.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
MedicareSign/AstCrp.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
MedicareSign/MedicareStart.exe
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral4
Sample
MedicareSign/MedicareStart.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
MedicareSign/SHFolder.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral6
Sample
MedicareSign/SHFolder.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
MedicareSign/astclient.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral8
Sample
MedicareSign/astclient.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
MedicareSign/astprint.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral10
Sample
MedicareSign/astprint.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
MedicareSign/astrct.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
MedicareSign/astrct.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
MedicareSign/aw_sas32.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral14
Sample
MedicareSign/aw_sas32.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
MedicareSign/hatls.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
MedicareSign/hatls.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
MedicareSign/libcrypto1_1.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
MedicareSign/libcrypto1_1.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
MedicareSign/libcryptoMD.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral20
Sample
MedicareSign/libcryptoMD.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
MedicareSign/libcurl.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
MedicareSign/libcurl.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
MedicareSign/libjpegturbowin.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
MedicareSign/libjpegturbowin.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
MedicareSign/libssl1_1.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral26
Sample
MedicareSign/libssl1_1.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
MedicareSign/msvcr120.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral28
Sample
MedicareSign/msvcr120.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
MedicareSign/opus.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
MedicareSign/opus.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
MedicareSign/sqlite3.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral32
Sample
MedicareSign/sqlite3.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
MedicareSign/AstCrp.dll
-
Size
171KB
-
MD5
dbb4bccfe8fee299d555a19865c41921
-
SHA1
a6c494854ca8bec80c05e259a9d8d9346ec61786
-
SHA256
45e87d7421b6b65c207e8d564a4e54dcdab7b104b83341f63d348f8894bde992
-
SHA512
5b5b6091655801c984e87a5de4b8c3771b7ff8a069206662650ba652711db48a4912a613015c2254215ccbd252c475c4a4f00efcb1e0dfb404c6736746a187a4
-
SSDEEP
3072:SNqEUD0UXALbdEHP5HJ1XDhaWwJ/kYc3e2uYOAg0FujDX8fLa/DNqulyZpx:IUqVy1Xta7tkV2AOHkulU
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2416 wrote to memory of 2548 2416 rundll32.exe 30 PID 2416 wrote to memory of 2548 2416 rundll32.exe 30 PID 2416 wrote to memory of 2548 2416 rundll32.exe 30 PID 2416 wrote to memory of 2548 2416 rundll32.exe 30 PID 2416 wrote to memory of 2548 2416 rundll32.exe 30 PID 2416 wrote to memory of 2548 2416 rundll32.exe 30 PID 2416 wrote to memory of 2548 2416 rundll32.exe 30