Overview
overview
10Static
static
10GetInfo.exe
windows7-x64
3GetInfo.exe
windows10-2004-x64
3IDBLK_TIMING.dll
windows7-x64
3IDBLK_TIMING.dll
windows10-2004-x64
3MPALL_F1_E...0D.exe
windows7-x64
10MPALL_F1_E...0D.exe
windows10-2004-x64
10MPALL_F2_v363_0D.exe
windows7-x64
10MPALL_F2_v363_0D.exe
windows10-2004-x64
10MPParamEdit_F1.exe
windows7-x64
3MPParamEdit_F1.exe
windows10-2004-x64
3MPParamEdit_F2.exe
windows7-x64
3MPParamEdit_F2.exe
windows10-2004-x64
3inpout32.dll
windows7-x64
8inpout32.dll
windows10-2004-x64
8Analysis
-
max time kernel
136s -
max time network
142s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
29-08-2024 02:50
Behavioral task
behavioral1
Sample
GetInfo.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
GetInfo.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
IDBLK_TIMING.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
IDBLK_TIMING.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
MPALL_F1_EC00_v363_0D.exe
Resource
win7-20240705-en
Behavioral task
behavioral6
Sample
MPALL_F1_EC00_v363_0D.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
MPALL_F2_v363_0D.exe
Resource
win7-20240708-en
Behavioral task
behavioral8
Sample
MPALL_F2_v363_0D.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral9
Sample
MPParamEdit_F1.exe
Resource
win7-20240708-en
Behavioral task
behavioral10
Sample
MPParamEdit_F1.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
MPParamEdit_F2.exe
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
MPParamEdit_F2.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
inpout32.dll
Resource
win7-20240704-en
Behavioral task
behavioral14
Sample
inpout32.dll
Resource
win10v2004-20240802-en
General
-
Target
inpout32.dll
-
Size
48KB
-
MD5
99ececb007d9d62941ac0edcdb4c265e
-
SHA1
eba4d9359ac906809a102695c9cc32be63e40058
-
SHA256
2a08780ecd3a2c42bebda55d3eec3a69a417312e7a884f89b53aecad729b9af3
-
SHA512
d9bbb9d63c7fa6327f5edcf142c64da990824a75a5783074cc95c2581378fdb5cef12d65c7e4663eeab15bde90978f4c1704aa0725c69bec4e01a754aff4a8e9
-
SSDEEP
768:0kKvTva8kE/dkfn3S4P+/+C2n3v8oLeZ9F:0kKvTvaXEmXPqG0oLe
Malware Config
Signatures
-
Drops file in Drivers directory 1 IoCs
description ioc Process File created C:\Windows\SysWOW64\Drivers\hwinterface.sys rundll32.exe -
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious behavior: LoadsDriver 1 IoCs
pid Process 660 Process not Found -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3360 wrote to memory of 2680 3360 rundll32.exe 84 PID 3360 wrote to memory of 2680 3360 rundll32.exe 84 PID 3360 wrote to memory of 2680 3360 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\inpout32.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3360 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\inpout32.dll,#12⤵
- Drops file in Drivers directory
- System Location Discovery: System Language Discovery
PID:2680
-