Overview
- overview: 10

Static
- static: 3

- 29e1467e97...16.exe, windows7-x64: 7
- 29e1467e97...16.exe, windows10-2004-x64: 10
- $PLUGINSDI...er.dll, windows7-x64: 1
- $PLUGINSDI...er.dll, windows10-2004-x64: 1
- $PLUGINSDI...em.dll, windows7-x64: 3
- $PLUGINSDI...em.dll, windows10-2004-x64: 3
- $PLUGINSDI...fo.dll, windows7-x64: 3
- $PLUGINSDI...fo.dll, windows10-2004-x64: 3
- $PLUGINSDI...gs.dll, windows7-x64: 3
- $PLUGINSDI...gs.dll, windows10-2004-x64: 3
- $PLUGINSDI...ec.dll, windows7-x64: 3
- $PLUGINSDI...ec.dll, windows10-2004-x64: 3

Analysis
- max time kernel: 118s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 01-07-2024 13:38
Static task
- static1

Behavioral tasks
- behavioral1: Sample 29e1467e979c85abfbdd3da6b09e6c16.exe, Resource win7-20240508-en
- behavioral2: Sample 29e1467e979c85abfbdd3da6b09e6c16.exe, Resource win10v2004-20240611-en
- behavioral3: Sample $PLUGINSDIR/Banner.dll, Resource win7-20240220-en
- behavioral4: Sample $PLUGINSDIR/Banner.dll, Resource win10v2004-20240508-en
- behavioral5: Sample $PLUGINSDIR/System.dll, Resource win7-20240508-en
- behavioral6: Sample $PLUGINSDIR/System.dll, Resource win10v2004-20240508-en
- behavioral7: Sample $PLUGINSDIR/UserInfo.dll, Resource win7-20240419-en
- behavioral8: Sample $PLUGINSDIR/UserInfo.dll, Resource win10v2004-20240611-en
- behavioral9: Sample $PLUGINSDIR/nsDialogs.dll, Resource win7-20231129-en
- behavioral10: Sample $PLUGINSDIR/nsDialogs.dll, Resource win10v2004-20240611-en
- behavioral11: Sample $PLUGINSDIR/nsExec.dll, Resource win7-20240611-en
- behavioral12: Sample $PLUGINSDIR/nsExec.dll, Resource win10v2004-20240611-en

General
- Target: $PLUGINSDIR/System.dll
- Size: 11KB
- MD5: 10e8921a6e7f6a74671b07dc3bde626f
- SHA1: b7961066600ef193c5319dbeed3673dc60110a50
- SHA256: c85142f86e1ec02f7ef8d5ba31b22031de3de9a16bce519d5482b824afb277eb
- SHA512: 4c19a7e3117baeec3f6a7f9a33cfab392255741137406db87fe5ac24def7f9a28b2ed0fc26f0f46c5d43ba1bb6675dea74410a797bfd265e38812b042460aa00
- SSDEEP: 192:Q9rQDenC9VrcK7REgSWOprANupQYLRszDDH/d9CWlXo7U6Wxf:QJQEaVAK7R9SfpjpQYLRszfH/d9CWB1j

Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  Columns: pid, pid_target, process, target process
  - 2424, 3068, WerFault.exe, rundll32.exe

- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
  Columns: description, pid, process, target process
  - PID 2220 wrote to memory of 3068, 2220, rundll32.exe, rundll32.exe
  - PID 2220 wrote to memory of 3068, 2220, rundll32.exe, rundll32.exe
  - PID 2220 wrote to memory of 3068, 2220, rundll32.exe, rundll32.exe
  - PID 2220 wrote to memory of 3068, 2220, rundll32.exe, rundll32.exe
  - PID 2220 wrote to memory of 3068, 2220, rundll32.exe, rundll32.exe
  - PID 2220 wrote to memory of 3068, 2220, rundll32.exe, rundll32.exe
  - PID 2220 wrote to memory of 3068, 2220, rundll32.exe, rundll32.exe
  - PID 3068 wrote to memory of 2424, 3068, rundll32.exe, WerFault.exe
  - PID 3068 wrote to memory of 2424, 3068, rundll32.exe, WerFault.exe
  - PID 3068 wrote to memory of 2424, 3068, rundll32.exe, WerFault.exe
  - PID 3068 wrote to memory of 2424, 3068, rundll32.exe, WerFault.exe

Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    - Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 220
      - Program crash