Analysis
- max time kernel: 79s
- max time network: 18s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 20-09-2024 23:58
Tasks
- Static task static1
- Behavioral task behavioral1: sample 5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc, resource win7-20240903-en
- Behavioral task behavioral2: sample 5F9F8AC1F749B0637ECA6EF15910BF21_~WINWORD_.doc, resource win10v2004-20240802-en
- Behavioral task behavioral3: sample 6B97B3CD2FCFB4B74985143230441463_Gadget.exe, resource win7-20240903-en
- Behavioral task behavioral4: sample 6B97B3CD2FCFB4B74985143230441463_Gadget.exe, resource win10v2004-20240802-en
- Behavioral task behavioral5: sample 901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll, resource win7-20240903-en
- Behavioral task behavioral6: sample 901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll, resource win10v2004-20240802-en
- Behavioral task behavioral7: sample C116CD083284CC599C024C3479CA9B70_2.exe, resource win7-20240903-en
- Behavioral task behavioral8: sample C116CD083284CC599C024C3479CA9B70_2.exe, resource win10v2004-20240802-en
- Behavioral task behavioral9: sample PlugX_3C74A85C2CF883BD9D4B9F8B9746030F_DW20.dll, resource win7-20240903-en
- Behavioral task behavioral10: sample PlugX_3C74A85C2CF883BD9D4B9F8B9746030F_DW20.dll, resource win10v2004-20240802-en
- Behavioral task behavioral11: sample originalfile/PlugX_RTF_dropper_42fba80f105aa53dfbf50aeba2d73cae.rtf, resource win7-20240704-en
- Behavioral task behavioral12: sample originalfile/PlugX_RTF_dropper_42fba80f105aa53dfbf50aeba2d73cae.rtf, resource win10v2004-20240802-en
General
- Target: 901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll
- Size: 41KB
- MD5: 901fa02ffd43de5b2d7c8c6b8c2f6a43
- SHA1: 8bb71adf1c418061510c40240852c3cd61fb214c
- SHA256: 3144079c68ba00cebfd05239a2f5bd406096ec02e13e8571ca24313df7a5b679
- SHA512: 6500b1a0e1a5995226bfcdaf1a33867bd9ccd5b84552db73f46dc1ee44461dbb29de6d16e8bf0da0c56d15ea60a4f44f105d005de139924ecb46d274cce90bab
- SSDEEP: 768:fQ+il+psGX0QEohGEVZ/E2G7k14rQMRkoIQ:fxiYVjE4VZ/ZWRkoI
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  Processes: rundll32.exe
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 1292 wrote to memory of 1468 | 1292 | rundll32.exe | rundll32.exe (this entry is recorded 7 times)
Processes
- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll,#1
  PID: 1292
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\901FA02FFD43DE5B2D7C8C6B8C2F6A43_SideBar.dll,#1
    PID: 1468
    Signatures: System Location Discovery: System Language Discovery