Overview
Task (platform): score
overview: 10
static: 3
29e1467e97...16.exe (windows7-x64): 7
29e1467e97...16.exe (windows10-2004-x64): 10
$PLUGINSDI...er.dll (windows7-x64): 1
$PLUGINSDI...er.dll (windows10-2004-x64): 1
$PLUGINSDI...em.dll (windows7-x64): 3
$PLUGINSDI...em.dll (windows10-2004-x64): 3
$PLUGINSDI...fo.dll (windows7-x64): 3
$PLUGINSDI...fo.dll (windows10-2004-x64): 3
$PLUGINSDI...gs.dll (windows7-x64): 3
$PLUGINSDI...gs.dll (windows10-2004-x64): 3
$PLUGINSDI...ec.dll (windows7-x64): 3
$PLUGINSDI...ec.dll (windows10-2004-x64): 3
Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240611-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
submitted: 01-07-2024 13:38
Static task
static1
Behavioral task
behavioral1
Sample
29e1467e979c85abfbdd3da6b09e6c16.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
29e1467e979c85abfbdd3da6b09e6c16.exe
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Banner.dll
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Banner.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240508-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20240419-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20231129-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240611-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240611-en
General
Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: 520d07e4bdab538c87b797d687717639
SHA1: 569e5afdeee3cd6b2a77f715828ccb97b470f5fa
SHA256: 9bf2482d0cdd486e1ec6d21eec00ac95538a7513a7f3c3ba117f7bf21a2b8f2d
SHA512: 2302618d7b22913b11b1127378109f476de60f4231de377c5d0509b332e47efc12ca3294f3b36621eb7eb5b62b0a9ca98b5ef9692a807de58efd753594ab0185
SSDEEP: 96:Jt4Vl/7Lo1UBrob9ljNEUgD7cyuM1x9XkraK2A2KAB5VVDyssKZ:Jt4Vlw1Iul5J8T1vK20I5VVGsb
Malware Config
Signatures
Program crash: 1 IoCs
Processes: WerFault.exe
pid | pid_target | process | target process
1480 | 5000 | WerFault.exe | rundll32.exe

Suspicious use of WriteProcessMemory: 3 IoCs
Processes: rundll32.exe
description | pid | process | target process
PID 5412 wrote to memory of 5000 | 5412 | rundll32.exe | rundll32.exe
PID 5412 wrote to memory of 5000 | 5412 | rundll32.exe | rundll32.exe
PID 5412 wrote to memory of 5000 | 5412 | rundll32.exe | rundll32.exe
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
        C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 612
          - Program crash
C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5000 -ip 5000