Overview
overview
10Static
static
10Bunifu.Licensing.dll
windows7-x64
1Bunifu.Licensing.dll
windows10-2004-x64
1Bunifu.UI.....3.dll
windows7-x64
1Bunifu.UI.....3.dll
windows10-2004-x64
1Bunifu.UI....on.dll
windows7-x64
1Bunifu.UI....on.dll
windows10-2004-x64
1Bunifu.UI....ox.dll
windows7-x64
1Bunifu.UI....ox.dll
windows10-2004-x64
1Bunifu.UI....ss.dll
windows7-x64
1Bunifu.UI....ss.dll
windows10-2004-x64
1Bunifu.UI....on.dll
windows7-x64
1Bunifu.UI....on.dll
windows10-2004-x64
1Bunifu.UI....ew.dll
windows7-x64
1Bunifu.UI....ew.dll
windows10-2004-x64
1Bunifu.UI....er.dll
windows7-x64
1Bunifu.UI....er.dll
windows10-2004-x64
1Bunifu.UI....wn.dll
windows7-x64
1Bunifu.UI....wn.dll
windows10-2004-x64
1Bunifu.UI....ck.dll
windows7-x64
1Bunifu.UI....ck.dll
windows10-2004-x64
1Bunifu.UI....ge.dll
windows7-x64
1Bunifu.UI....ge.dll
windows10-2004-x64
1Bunifu.UI....el.dll
windows7-x64
1Bunifu.UI....el.dll
windows10-2004-x64
1Bunifu.UI....ox.dll
windows7-x64
1Bunifu.UI....ox.dll
windows10-2004-x64
1Bunifu.UI....on.dll
windows7-x64
1Bunifu.UI....on.dll
windows10-2004-x64
1Bunifu.UI....el.dll
windows7-x64
1Bunifu.UI....el.dll
windows10-2004-x64
1Bunifu.UI....es.dll
windows7-x64
1Bunifu.UI....es.dll
windows10-2004-x64
1Analysis
-
max time kernel
139s -
max time network
106s -
platform
windows10-2004_x64 -
resource
win10v2004-20250129-en -
resource tags
arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system -
submitted
05-02-2025 15:25
Behavioral task
behavioral1
Sample
Bunifu.Licensing.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral2
Sample
Bunifu.Licensing.dll
Resource
win10v2004-20241007-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Bunifu.UI.WinForms.1.5.3.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral4
Sample
Bunifu.UI.WinForms.1.5.3.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Bunifu.UI.WinForms.BunifuButton.dll
Resource
win7-20241023-en
windows7-x64
Behavioral task
behavioral6
Sample
Bunifu.UI.WinForms.BunifuButton.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Bunifu.UI.WinForms.BunifuCheckBox.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral8
Sample
Bunifu.UI.WinForms.BunifuCheckBox.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Bunifu.UI.WinForms.BunifuCircleProgress.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral10
Sample
Bunifu.UI.WinForms.BunifuCircleProgress.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Bunifu.UI.WinForms.BunifuColorTransition.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral12
Sample
Bunifu.UI.WinForms.BunifuColorTransition.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Bunifu.UI.WinForms.BunifuDataGridView.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral14
Sample
Bunifu.UI.WinForms.BunifuDataGridView.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Bunifu.UI.WinForms.BunifuDatePicker.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral16
Sample
Bunifu.UI.WinForms.BunifuDatePicker.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Bunifu.UI.WinForms.BunifuDropdown.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral18
Sample
Bunifu.UI.WinForms.BunifuDropdown.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Bunifu.UI.WinForms.BunifuFormDock.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral20
Sample
Bunifu.UI.WinForms.BunifuFormDock.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Bunifu.UI.WinForms.BunifuGauge.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral22
Sample
Bunifu.UI.WinForms.BunifuGauge.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Bunifu.UI.WinForms.BunifuGradientPanel.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral24
Sample
Bunifu.UI.WinForms.BunifuGradientPanel.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Bunifu.UI.WinForms.BunifuGroupBox.dll
Resource
win7-20241010-en
windows7-x64
Behavioral task
behavioral26
Sample
Bunifu.UI.WinForms.BunifuGroupBox.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Bunifu.UI.WinForms.BunifuImageButton.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral28
Sample
Bunifu.UI.WinForms.BunifuImageButton.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Bunifu.UI.WinForms.BunifuLabel.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral30
Sample
Bunifu.UI.WinForms.BunifuLabel.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Bunifu.UI.WinForms.BunifuPages.dll
Resource
win7-20240903-en
windows7-x64
Behavioral task
behavioral32
Sample
Bunifu.UI.WinForms.BunifuPages.dll
Resource
win10v2004-20250129-en
windows10-2004-x64
General
-
Target
Bunifu.UI.WinForms.BunifuButton.dll
-
Size
107KB
-
MD5
21f999e5ac72a16077511d41590822de
-
SHA1
d8bb1a8a291f73cdf2b5658b2b65736c87db19dd
-
SHA256
2a62c78f1f0db2e3258135b50f7885e6734c31c74a8f2f5782f285aa268c2f71
-
SHA512
e04fe31870f266d772829053a6bb210a9513ff5c8c0f9a3a267ddbe1875125496caa602baf44a4e241ef84d933bd55b79af43d5871ed10c81711adecee78b8e3
-
SSDEEP
3072:tgiMibnDED3/7f2ih0xdGzFpzUHgmCFKHUUZP0tTwmnkyY:xDDED3/7f2ih0xdGzFpzUHgmCFKHvF0e
Malware Config
Signatures
-
Checks SCSI registry key(s) 3 TTPs 3 IoCs
SCSI information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A taskmgr.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName taskmgr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 taskmgr.exe -
Suspicious behavior: EnumeratesProcesses 6 IoCs
pid Process 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 5 IoCs
description pid Process Token: SeDebugPrivilege 2476 taskmgr.exe Token: SeSystemProfilePrivilege 2476 taskmgr.exe Token: SeCreateGlobalPrivilege 2476 taskmgr.exe Token: 33 2476 taskmgr.exe Token: SeIncBasePriorityPrivilege 2476 taskmgr.exe -
Suspicious use of FindShellTrayWindow 32 IoCs
pid Process 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe -
Suspicious use of SendNotifyMessage 32 IoCs
pid Process 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe 2476 taskmgr.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Bunifu.UI.WinForms.BunifuButton.dll,#11⤵PID:4180
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2476