Analysis
-
max time kernel
118s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
29-11-2024 13:44
Behavioral task
behavioral1
Sample
spoofer/EpicChecker.py
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
spoofer/EpicChecker.py
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
spoofer/crack.dll
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
spoofer/crack.dll
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
spoofer/mapper.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
spoofer/mapper.exe
Resource
win10v2004-20241007-en
General
-
Target
spoofer/crack.dll
-
Size
2.3MB
-
MD5
a99ecd8ec643dc9db372736fd6fd8eb5
-
SHA1
91e8270faf4666ca60d9b41ece1dd3f25c0fd8fd
-
SHA256
6fa983aab41fbe45a79236330245c49fbb318b75efb4bc6b78fa551d29ace518
-
SHA512
a8cd99023e6db3352a96ac7179acc5ae9e09e186f1a9ff55672fdac520821ef51cc48a7ac821b862966959ab174b49f17057744491656b9832b6dda61fd157bd
-
SSDEEP
49152:IK+yy5eom+KbDbF7BBLz1iYCY6nWefdmjLdGGf:Zom+Kbtz1iYCY6HfdmjLdGGf
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid Process procid_target PID 1984 wrote to memory of 2340 1984 rundll32.exe 30 PID 1984 wrote to memory of 2340 1984 rundll32.exe 30 PID 1984 wrote to memory of 2340 1984 rundll32.exe 30