Analysis

max time kernel: 451s
max time network: 458s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64, arch:x86, image:win11-20240508-en, locale:en-us, os:windows11-21h2-x64, system
submitted: 30-06-2024 16:43
Behavioral tasks

Task          Sample                                         Resource
behavioral1   hwid pack/HardDisk.exe                         win11-20240611-en
behavioral2   hwid pack/MacSetup.exe                         win11-20240419-en
behavioral3   hwid pack/monitor serial/CRU.exe               win11-20240508-en
behavioral4   hwid pack/monitor serial/reset-all.exe         win11-20240508-en
behavioral5   hwid pack/monitor serial/restart.exe           win11-20240508-en
behavioral6   hwid pack/monitor serial/restart64.exe         win11-20240611-en
behavioral7   hwid pack/serial changer/AMIDEWIN.exe          win11-20240508-en
behavioral8   hwid pack/serial changer/AMIDEWINx64.exe       win11-20240508-en
behavioral9   hwid pack/serial changer/DMI16.exe             win11-20240611-en
behavioral10  hwid pack/serial changer/DMIEDIT.exe           win11-20240611-en
behavioral11  hwid pack/serial changer/UCOREDLL.dll          win11-20240508-en
behavioral12  hwid pack/serial changer/UCORESYS.sys          win11-20240611-en
behavioral13  hwid pack/serial changer/UCOREW64.sys          win11-20240611-en
behavioral14  hwid pack/serial changer/amifldrv64.sys        win11-20240611-en
behavioral15  hwid pack/uninstall/Revo Uninstaller Help.pdf  win11-20240508-en
behavioral16  hwid pack/uninstall/RevoUPort.exe              win11-20240508-en
behavioral17  hwid pack/uninstall/x64/RevoUn.exe             win11-20240508-en
behavioral18  hwid pack/uninstall/x86/RevoUn.exe             win11-20240611-en
behavioral19  hwid pack/usb device serial/USBDeview.chm      win11-20240611-en
behavioral20  hwid pack/usb device serial/USBDeview.exe      win11-20240611-en
General

Target: hwid pack/serial changer/UCOREDLL.dll
Size: 112KB
MD5: 8370f3114924ed6c53741de7a253625a
SHA1: f7782d51e73526226a89229b4f3625c7ce43f3b3
SHA256: 78a4d8e5e8c33793e5a2020325d3a49e92e4826167742e93179bdacbf167b409
SHA512: 5a13c0fb787366869fac57139fa2ebbd0c34a1bfa76c05ac879da60e534cbac694385f2b6120fdb6c7cf0e62cf4948efbdfde96e695a9d377f44eedb2e1b1398
SSDEEP: 1536:g+FKwswB29BLymvRwRvSpD0pQD61ShZT1Cw4cf0SbtsWFoYc0RkU:g8Vk9ymvyNMO4QqGeyqoLGL
Malware Config
Signatures

Program crash (1 IoC)
Processes:
  pid   pid_target  process       target process
  2852  1412        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                       pid   process       target process
  PID 1988 wrote to memory of 1412  1988  rundll32.exe  rundll32.exe
  PID 1988 wrote to memory of 1412  1988  rundll32.exe  rundll32.exe
  PID 1988 wrote to memory of 1412  1988  rundll32.exe  rundll32.exe
Processes

C:\Windows\system32\rundll32.exe
  command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\hwid pack\serial changer\UCOREDLL.dll",#1
  - Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\hwid pack\serial changer\UCOREDLL.dll",#1
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 472
      - Program crash

C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1412 -ip 1412