Overview
overview
7Static
static
3CrossOver.exe
windows7-x64
7CrossOver.exe
windows10-2004-x64
7$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...ls.dll
windows7-x64
3$PLUGINSDI...ls.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...ll.dll
windows7-x64
3$PLUGINSDI...ll.dll
windows10-2004-x64
3resources/...ils.js
windows7-x64
3resources/...ils.js
windows10-2004-x64
3resources/...ted.js
windows7-x64
3resources/...ted.js
windows10-2004-x64
3resources/...l.d.js
windows7-x64
3resources/...l.d.js
windows10-2004-x64
3resources/...ain.js
windows7-x64
3resources/...ain.js
windows10-2004-x64
3resources/...ild.js
windows7-x64
3resources/...ild.js
windows10-2004-x64
3resources/...ok.dll
windows7-x64
3resources/...ok.dll
windows10-2004-x64
3resources/...ok.dll
windows7-x64
3resources/...ok.dll
windows10-2004-x64
3resources/...ok.dll
windows7-x64
1resources/...ok.dll
windows10-2004-x64
1resources/...ok.dll
windows7-x64
1resources/...ok.dll
windows10-2004-x64
1resources/...ils.js
windows7-x64
3resources/...ils.js
windows10-2004-x64
3resources/...ted.js
windows7-x64
3resources/...ted.js
windows10-2004-x64
3Analysis
-
max time kernel
120s -
max time network
131s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
13-11-2024 21:41
Static task
static1
Behavioral task
behavioral1
Sample
CrossOver.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
CrossOver.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/SpiderBanner.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/StdUtils.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/WinShell.dll
Resource
win7-20240903-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/WinShell.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral11
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/NodeRtUtils.js
Resource
win7-20240903-en
Behavioral task
behavioral12
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/NodeRtUtils.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral13
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/_nodert_generated.js
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/_nodert_generated.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral15
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/lib/NodeRT_Windows_ApplicationModel.d.js
Resource
win7-20241023-en
Behavioral task
behavioral16
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/lib/NodeRT_Windows_ApplicationModel.d.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral17
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/lib/main.js
Resource
win7-20240903-en
Behavioral task
behavioral18
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/lib/main.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral19
Sample
resources/app.asar.unpacked/node_modules/iohook/build.js
Resource
win7-20241010-en
Behavioral task
behavioral20
Sample
resources/app.asar.unpacked/node_modules/iohook/build.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral21
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-ia32/build/Release/iohook.dll
Resource
win7-20240903-en
Behavioral task
behavioral22
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-ia32/build/Release/iohook.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral23
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-ia32/build/Release/uiohook.dll
Resource
win7-20240903-en
Behavioral task
behavioral24
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-ia32/build/Release/uiohook.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral25
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-x64/build/Release/iohook.dll
Resource
win7-20240903-en
Behavioral task
behavioral26
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-x64/build/Release/iohook.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral27
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-x64/build/Release/uiohook.dll
Resource
win7-20241023-en
Behavioral task
behavioral28
Sample
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-x64/build/Release/uiohook.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral29
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/NodeRtUtils.js
Resource
win7-20240903-en
Behavioral task
behavioral30
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/NodeRtUtils.js
Resource
win10v2004-20241007-en
Behavioral task
behavioral31
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/_nodert_generated.js
Resource
win7-20240903-en
Behavioral task
behavioral32
Sample
resources/app.asar.unpacked/node_modules/@nodert-win10-au/windows.applicationmodel/_nodert_generated.js
Resource
win10v2004-20241007-en
General
-
Target
resources/app.asar.unpacked/node_modules/iohook/builds/electron-v85-win32-x64/build/Release/iohook.dll
-
Size
156KB
-
MD5
72d0e43eb061779fdff81523bfcbafb7
-
SHA1
8771eed6b959a9fff1012828fff4e9d120d07c0a
-
SHA256
426f0fcaa3e30b37cc92f3ee69e15758c272fa6039f8796582ccf0193b216133
-
SHA512
7aa6b39f677aaa7d62c10c81b68bd51882501e5f3ac3d2f5ede42565716a3f6a31e0822474171d2a584393c34d41d93c9add9f6b41aaa2f23d2f75dfc0e2e418
-
SSDEEP
3072:/K6y6eTnEbyz0Gdtyp9Dn1+n3I1mfkVGfuN8vb:/KgbyzDtiZ+n3wNcb
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid Process procid_target PID 2492 wrote to memory of 1240 2492 rundll32.exe 31 PID 2492 wrote to memory of 1240 2492 rundll32.exe 31 PID 2492 wrote to memory of 1240 2492 rundll32.exe 31
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\resources\app.asar.unpacked\node_modules\iohook\builds\electron-v85-win32-x64\build\Release\iohook.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2492 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2492 -s 1562⤵PID:1240
-