Analysis
- max time kernel: 51s
- max time network: 51s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 17-06-2024 01:02
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240508-en
General
- Target: $PLUGINSDIR/nsDialogs.dll
- Size: 9KB
- MD5: dbdbf4017ff91c9de328697b5fd2e10a
- SHA1: b597a5e9a8a0b252770933feed51169b5060a09f
- SHA256: be60a00f32924ccbe03f9914e33b8e1ad8c8a1ca442263a69896efba74925b36
- SHA512: 3befc15aab0a5dbe7fde96155b0499d385f2799b1a2d47ce04f37b5804006b1c6c4fff93d3cedb56a2a8172b23752b6f9dc6168cfce3596b91def3247836cf10
- SSDEEP: 96:33YnIxFkDUGZpKSmktse3GpmD8pevbE9cxSgB5PKtAtYE9v5E9KntrmfVEB3YdkS:33YIvGZDdtP8pevbg0PuAYK56NyoIFI
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
    pid   pid_target  process       target process
    1120  4608        WerFault.exe  rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
    description                         pid   process       target process
    PID 1540 wrote to memory of 4608    1540  rundll32.exe  rundll32.exe
    PID 1540 wrote to memory of 4608    1540  rundll32.exe  rundll32.exe
    PID 1540 wrote to memory of 4608    1540  rundll32.exe  rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 636
      - Program crash
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4608 -ip 4608