Overview
overview
7Static
static
3CliFx.dll
windows7-x64
1CliFx.dll
windows10-2004-x64
1Newtonsoft.Json.dll
windows7-x64
1Newtonsoft.Json.dll
windows10-2004-x64
1Ruler.Engine.dll
windows7-x64
1Ruler.Engine.dll
windows10-2004-x64
1Ruler.Engine.pdb
windows7-x64
3Ruler.Engine.pdb
windows10-2004-x64
3Ruler.IRule.deps.json
windows7-x64
3Ruler.IRule.deps.json
windows10-2004-x64
3Ruler.IRule.exe
windows7-x64
1Ruler.IRule.exe
windows10-2004-x64
1Ruler.IRule.exe
windows7-x64
1Ruler.IRule.exe
windows10-2004-x64
7Ruler.IRule.pdb
windows7-x64
3Ruler.IRule.pdb
windows10-2004-x64
3Ruler.IRul...g.json
windows7-x64
3Ruler.IRul...g.json
windows10-2004-x64
3Spectre.Console.dll
windows7-x64
1Spectre.Console.dll
windows10-2004-x64
1ref/Ruler.IRule.exe
windows7-x64
1ref/Ruler.IRule.exe
windows10-2004-x64
1Analysis
-
max time kernel
16s -
max time network
17s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
23-07-2024 05:19
Static task
static1
Behavioral task
behavioral1
Sample
CliFx.dll
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
CliFx.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
Newtonsoft.Json.dll
Resource
win7-20240704-en
Behavioral task
behavioral4
Sample
Newtonsoft.Json.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
Ruler.Engine.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
Ruler.Engine.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
Ruler.Engine.pdb
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
Ruler.Engine.pdb
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
Ruler.IRule.deps.json
Resource
win7-20240704-en
Behavioral task
behavioral10
Sample
Ruler.IRule.deps.json
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
Ruler.IRule.exe
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
Ruler.IRule.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral13
Sample
Ruler.IRule.exe
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
Ruler.IRule.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
Ruler.IRule.pdb
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
Ruler.IRule.pdb
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
Ruler.IRule.runtimeconfig.json
Resource
win7-20240704-en
Behavioral task
behavioral18
Sample
Ruler.IRule.runtimeconfig.json
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
Spectre.Console.dll
Resource
win7-20240708-en
Behavioral task
behavioral20
Sample
Spectre.Console.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral21
Sample
ref/Ruler.IRule.exe
Resource
win7-20240708-en
Behavioral task
behavioral22
Sample
ref/Ruler.IRule.exe
Resource
win10v2004-20240709-en
General
-
Target
ref/Ruler.IRule.exe
-
Size
19KB
-
MD5
53219a941c35e570766d68b006e564da
-
SHA1
3e30428a2b0b355244250707222d0fe3e1120de5
-
SHA256
d71d16e27a2588d571b9fb5d363d8d0fc21cdb9c7147cd62a1fa3d2965d7d3ca
-
SHA512
f6f892bf6dca0c0170151331d02c7593c51cbf2a2b1263f590820ad01622aa289c03b9c9c837c3a429cb9d5099d7807e9ade80037b285549a1d15ce171754ff4
-
SSDEEP
192:goJtxMHb92e7PSjNtB2vwAbKBrJFEgG81V:g0xM7QOsNtCKBf
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Ruler.IRule.exedescription pid process target process PID 2528 wrote to memory of 2888 2528 Ruler.IRule.exe WerFault.exe PID 2528 wrote to memory of 2888 2528 Ruler.IRule.exe WerFault.exe PID 2528 wrote to memory of 2888 2528 Ruler.IRule.exe WerFault.exe