Overview

overview

10

Static

static

viri.exe.dll

windows7_x64

10

viri.exe.dll

windows10_x64

10

Analysis

  • max time kernel
    16s
  • max time network
    66s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    20-03-2021 12:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    viri.exe.dll

  • Size

    37KB

  • MD5

    8539346052a26e7afb4c7e4331c88448

  • SHA1

    6be665d2139f14759a025543b83c4c0cbff70687

  • SHA256

    492992c706bb70b10eedb7952c287ec1df35fceb32f4d050a18f51bb6e60e303

  • SHA512

    4d380dbc13def50a6033498174c1fa26f74e3545701deaccab42111ea205d5592f584bf2980ea71c0260d9a67f742c2c9c64267ee73f5f2b9e169e84b69e8753

Score
10/10
nloaderloader

Malware Config

Signatures

  • Nloader

    Simple loader that includes the keyword 'cambo' in the URL used to download other families.

    loadernloader
  • Nloader Payload 4 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\viri.exe.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1048
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\viri.exe.dll,#1
      2⤵
        PID:1760
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 868
          3⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:2092

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1760-2-0x0000000000000000-mapping.dmp

      Download

    • memory/1760-3-0x0000000002F30000-0x0000000002F39000-memory.dmp

      Filesize

      36KB

      Download

    • memory/1760-4-0x0000000010000000-0x0000000010007000-memory.dmp

      Filesize

      28KB

      Download

    • memory/1760-5-0x0000000002F60000-0x0000000002F65000-memory.dmp

      Filesize

      20KB

      Download

    • memory/1760-6-0x0000000002F20000-0x0000000002F26000-memory.dmp

      Filesize

      24KB

      Download

    • memory/2092-7-0x0000000004640000-0x0000000004641000-memory.dmp

      Filesize

      4KB

      Download