Overview
overview
10Static
static
7malware/1/Setup.exe
windows7-x64
10malware/1/Setup.exe
windows10-2004-x64
10malware/2/Setup.exe
windows7-x64
10malware/2/Setup.exe
windows10-2004-x64
10malware/3/...p_.exe
windows7-x64
7malware/3/...p_.exe
windows10-2004-x64
7malware/4/Setup.exe
windows7-x64
10malware/4/Setup.exe
windows10-2004-x64
10malware/5/...ls.dll
windows7-x64
1malware/5/...ls.dll
windows10-2004-x64
1malware/5/...ng.dll
windows7-x64
1malware/5/...ng.dll
windows10-2004-x64
1malware/5/...nt.dll
windows7-x64
1malware/5/...nt.dll
windows10-2004-x64
1malware/5/...pt.dll
windows7-x64
1malware/5/...pt.dll
windows10-2004-x64
1malware/5/...ib.dll
windows7-x64
1malware/5/...ib.dll
windows10-2004-x64
1malware/5/...ns.dll
windows7-x64
1malware/5/...ns.dll
windows10-2004-x64
1malware/5/...on.dll
windows7-x64
1malware/5/...on.dll
windows10-2004-x64
1malware/5/...op.dll
windows7-x64
3malware/5/...op.dll
windows10-2004-x64
3malware/5/...en.dll
windows7-x64
1malware/5/...en.dll
windows10-2004-x64
1malware/5/...te.dll
windows7-x64
1malware/5/...te.dll
windows10-2004-x64
1malware/5/...ty.dll
windows7-x64
1malware/5/...ty.dll
windows10-2004-x64
1malware/5/...api.js
windows7-x64
3malware/5/...api.js
windows10-2004-x64
3Analysis
-
max time kernel
119s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system -
submitted
29/12/2024, 13:48
Behavioral task
behavioral1
Sample
malware/1/Setup.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral2
Sample
malware/1/Setup.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
malware/2/Setup.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
malware/2/Setup.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
malware/3/free_sea_of_thieves_hacks_(esp_.exe
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral6
Sample
malware/3/free_sea_of_thieves_hacks_(esp_.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
malware/4/Setup.exe
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
malware/4/Setup.exe
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
malware/5/Data/Plug-ins/root/data/BIBUtils.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
malware/5/Data/Plug-ins/root/data/BIBUtils.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
malware/5/Data/Plug-ins/root/data/CITThreading.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral12
Sample
malware/5/Data/Plug-ins/root/data/CITThreading.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
malware/5/Data/Plug-ins/root/data/CRClient.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
malware/5/Data/Plug-ins/root/data/CRClient.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
malware/5/Data/Plug-ins/root/data/ExtendScript.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
malware/5/Data/Plug-ins/root/data/ExtendScript.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
malware/5/Data/Plug-ins/root/data/JP2KLib.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral18
Sample
malware/5/Data/Plug-ins/root/data/JP2KLib.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
malware/5/Data/Plug-ins/root/data/Microsoft.Expression.Interactions.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral20
Sample
malware/5/Data/Plug-ins/root/data/Microsoft.Expression.Interactions.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
malware/5/Data/Plug-ins/root/data/Newtonsoft.Json.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
malware/5/Data/Plug-ins/root/data/Newtonsoft.Json.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
malware/5/Data/Plug-ins/root/data/SQLite.Interop.dll
Resource
win7-20240708-en
windows7-x64
Behavioral task
behavioral24
Sample
malware/5/Data/Plug-ins/root/data/SQLite.Interop.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
malware/5/Data/Plug-ins/root/data/SharpRaven.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral26
Sample
malware/5/Data/Plug-ins/root/data/SharpRaven.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
malware/5/Data/Plug-ins/root/data/System.Data.SQLite.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
malware/5/Data/Plug-ins/root/data/System.Data.SQLite.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
malware/5/Data/Plug-ins/root/data/System.Windows.Interactivity.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
malware/5/Data/Plug-ins/root/data/System.Windows.Interactivity.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
malware/5/Data/Plug-ins/root/data/api.js
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral32
Sample
malware/5/Data/Plug-ins/root/data/api.js
Resource
win10v2004-20241007-en
windows10-2004-x64
General
-
Target
malware/5/Data/Plug-ins/root/data/CITThreading.dll
-
Size
161KB
-
MD5
08f8df5b67af0c9e43bae814bdb21eae
-
SHA1
b6b0608f96f912ed3994147a631b82bd346f13d4
-
SHA256
8327ba3d80d78ce232be9705484b93fb80142e9bfa0f27f564f9fb87a3f36fed
-
SHA512
0bc2065f530eacd70413d2456ab610bbededabebc08a3985e819558adab2f4bd86fa630a31522511adda4bbbf53f3ba8dc2a7755107f58be2dd961d44dc619a2
-
SSDEEP
3072:kJgP/Uzvw5CkjjtOrADecdC8KLiaQsKPfrz0++zQHCB/yBTu:hkzvLojtG+KLiJl3rIYCBqBS
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2372 wrote to memory of 1280 2372 rundll32.exe 31 PID 2372 wrote to memory of 1280 2372 rundll32.exe 31 PID 2372 wrote to memory of 1280 2372 rundll32.exe 31