Analysis

- max time kernel: 115s
- max time network: 127s
- platform: windows11-21h2_x64
- resource: win11-20240508-en
- resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
- submitted: 30-06-2024 23:56
Static task: static1

Behavioral tasks:
- behavioral1: sample WOMicClientSetup5_2.exe, resource win10-20240404-en
- behavioral2: sample WOMicClientSetup5_2.exe, resource win11-20240611-en
- behavioral3: sample $PLUGINSDIR/LangDLL.dll, resource win10-20240404-en
- behavioral4: sample $PLUGINSDIR/LangDLL.dll, resource win11-20240508-en
- behavioral5: sample $PLUGINSDIR/System.dll, resource win10-20240404-en
- behavioral6: sample $PLUGINSDIR/System.dll, resource win11-20240508-en
- behavioral7: sample $PLUGINSDIR/nsDialogs.dll, resource win10-20240611-en
- behavioral8: sample $PLUGINSDIR/nsDialogs.dll, resource win11-20240508-en
- behavioral9: sample driver/devcon.exe, resource win10-20240404-en
- behavioral10: sample driver/devcon.exe, resource win11-20240508-en
General

- Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 0ff2d70cfdc8095ea99ca2dabbec3cd7
- SHA1: 10c51496d37cecd0e8a503a5a9bb2329d9b38116
- SHA256: 982c5fb7ada7d8c9bc3e419d1c35da6f05bc5dd845940c179af3a33d00a36a8b
- SHA512: cb5fc0b3194f469b833c2c9abf493fcec5251e8609881b7f5e095b9bd09ed468168e95dda0ba415a7d8d6b7f0dee735467c0ed8e52b223eb5359986891ba6e2e
- SSDEEP: 192:eK24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlASl:u8QIl975eXqlWBrz7YLOlA
Malware Config
Signatures

- Program crash (1 IoC)
  Processes:
    pid 4016 WerFault.exe, target pid 1424 rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    PID 3004 rundll32.exe wrote to memory of PID 1424 rundll32.exe
    PID 3004 rundll32.exe wrote to memory of PID 1424 rundll32.exe
    PID 3004 rundll32.exe wrote to memory of PID 1424 rundll32.exe
Processes

- C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    - C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 460
      signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1424 -ip 1424