Overview
overview
7Static
static
3840971f6b9...0N.exe
windows7-x64
7840971f6b9...0N.exe
windows10-2004-x64
7$COMMONFIL...ip.dll
windows7-x64
3$COMMONFIL...ip.dll
windows10-2004-x64
1$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDIR/Math.dll
windows7-x64
3$PLUGINSDIR/Math.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
37ZipDLL.dll
windows7-x64
17ZipDLL.dll
windows10-2004-x64
1CommonLogg...on.dll
windows7-x64
1CommonLogg...on.dll
windows10-2004-x64
1CommonSpecialist.dll
windows7-x64
1CommonSpecialist.dll
windows10-2004-x64
3ExtensionManager.dll
windows7-x64
3ExtensionManager.dll
windows10-2004-x64
3HandleUpdate.dll
windows7-x64
3HandleUpdate.dll
windows10-2004-x64
3LiteUnzip.dll
windows7-x64
3LiteUnzip.dll
windows10-2004-x64
1LiteZip.dll
windows7-x64
3LiteZip.dll
windows10-2004-x64
3MyResources.dll
windows7-x64
1MyResources.dll
windows10-2004-x64
1RegHookSpecialist.dll
windows7-x64
1RegHookSpecialist.dll
windows10-2004-x64
3Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
16-07-2024 06:46
Static task
static1
Behavioral task
behavioral1
Sample
840971f6b9e264361d0748afca50d310N.exe
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral2
Sample
840971f6b9e264361d0748afca50d310N.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$COMMONFILES/SpeedyPC Software/UUS3/LiteUnzip.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral4
Sample
$COMMONFILES/SpeedyPC Software/UUS3/LiteUnzip.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/GraphicalInstaller.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/GraphicalInstaller.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Math.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Math.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/SkinnedControls.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/SkinnedControls.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
7ZipDLL.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral16
Sample
7ZipDLL.dll
Resource
win10v2004-20240704-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
CommonLoggingExtension.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral18
Sample
CommonLoggingExtension.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
CommonSpecialist.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral20
Sample
CommonSpecialist.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
ExtensionManager.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral22
Sample
ExtensionManager.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
HandleUpdate.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral24
Sample
HandleUpdate.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
LiteUnzip.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral26
Sample
LiteUnzip.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
LiteZip.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral28
Sample
LiteZip.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
MyResources.dll
Resource
win7-20240705-en
windows7-x64
Behavioral task
behavioral30
Sample
MyResources.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
RegHookSpecialist.dll
Resource
win7-20240704-en
windows7-x64
Behavioral task
behavioral32
Sample
RegHookSpecialist.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
General
-
Target
HandleUpdate.dll
-
Size
1.5MB
-
MD5
4c10f80fc0e6bf4561dc4c2f9dc15e4c
-
SHA1
2cea6e0e220469173928510296a1b6a1b65f8c25
-
SHA256
bf29393c138a865535682c99cca2920e00f15a17bba14ae6ffb915de55535dd6
-
SHA512
07a18da0f91321232ad434d11382387a7e1381e9e55f37a53031f701aafdc3541b1b7465e0c2d3a53cfef022c526596ab0894e28b4c1c3b1fbb537b8ea65a6a7
-
SSDEEP
49152:zcqgaNMrg1bqbgPF7G6yFi9wdHqqz+z+NTwq2OYZJtkaPfMD/mxn:z2a31+bgPF7G6yFi9w1qS+z+NkOYZzkY
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2500 1540 WerFault.exe 29 -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2320 wrote to memory of 1540 2320 rundll32.exe 29 PID 2320 wrote to memory of 1540 2320 rundll32.exe 29 PID 2320 wrote to memory of 1540 2320 rundll32.exe 29 PID 2320 wrote to memory of 1540 2320 rundll32.exe 29 PID 2320 wrote to memory of 1540 2320 rundll32.exe 29 PID 2320 wrote to memory of 1540 2320 rundll32.exe 29 PID 2320 wrote to memory of 1540 2320 rundll32.exe 29 PID 1540 wrote to memory of 2500 1540 rundll32.exe 30 PID 1540 wrote to memory of 2500 1540 rundll32.exe 30 PID 1540 wrote to memory of 2500 1540 rundll32.exe 30 PID 1540 wrote to memory of 2500 1540 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\HandleUpdate.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2320 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\HandleUpdate.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:1540 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 2523⤵
- Program crash
PID:2500
-
-