Overview
overview: 7
Static
static
updater.exe (windows10_x64): 1
runtimes/w...rp.dll (windows10_x64): 1
runtimes/w...re.dll (windows10_x64): 1
runtimes/w...me.dll (windows10_x64): 1
runtimes/w...v2.dll (windows10_x64): 1
runtimes/w...GL.dll (windows10_x64): 1
runtimes/w...ef.dll (windows10_x64): 1
runtimes/w...v2.dll (windows10_x64): 3
runtimes/w...GL.dll (windows10_x64): 1
runtimes/w...47.dll (windows10_x64): 1
runtimes/w...lf.dll (windows10_x64): 1
runtimes/w...rp.dll (windows10_x64): 1
runtimes/w...re.dll (windows10_x64): 1
runtimes/w...me.dll (windows10_x64): 3
runtimes/w...ss.exe (windows10_x64): 1
runtimes/w...re.dll (windows10_x64): 3
cscppcom.exe (windows10_x64): 5
UX Launcher.exe (windows10_x64): 7
UX Launcher.dll.exe (windows10_x64): 3
Newtonsoft.Json.dll (windows10_x64): 1
NUnrar.dll (windows10_x64): 1
EO.WebEngine.dll (windows10_x64): 1
EO.WebBrowser.dll (windows10_x64): 1
EO.Base.dll (windows10_x64): 1
CefSharp.Wpf.dll (windows10_x64): 1
Analysis
- max time kernel: 320s
- max time network: 381s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-08-2021 18:23
Static task static1
Behavioral task behavioral1: Sample updater.exe; Resource win10v20210410
Behavioral task behavioral2: Sample runtimes/win-x86/lib/netcoreapp3.0/CefSharp.dll; Resource win10v20210408
Behavioral task behavioral3: Sample runtimes/win-x86/lib/netcoreapp3.0/CefSharp.Core.dll; Resource win10v20210410
Behavioral task behavioral4: Sample runtimes/win-x86/lib/netcoreapp3.0/CefSharp.Core.Runtime.dll; Resource win10v20210408
Behavioral task behavioral5: Sample runtimes/win-x64/lib/netcoreapp3.0/swiftshader/libGLESv2.dll; Resource win10v20210410
Behavioral task behavioral6: Sample runtimes/win-x64/lib/netcoreapp3.0/swiftshader/libEGL.dll; Resource win10v20210408
Behavioral task behavioral7: Sample runtimes/win-x64/lib/netcoreapp3.0/libcef.dll; Resource win10v20210410
Behavioral task behavioral8: Sample runtimes/win-x64/lib/netcoreapp3.0/libGLESv2.dll; Resource win10v20210410
Behavioral task behavioral9: Sample runtimes/win-x64/lib/netcoreapp3.0/libEGL.dll; Resource win10v20210408
Behavioral task behavioral10: Sample runtimes/win-x64/lib/netcoreapp3.0/d3dcompiler_47.dll; Resource win10v20210410
Behavioral task behavioral11: Sample runtimes/win-x64/lib/netcoreapp3.0/chrome_elf.dll; Resource win10v20210408
Behavioral task behavioral12: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.dll; Resource win10v20210410
Behavioral task behavioral13: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.Core.dll; Resource win10v20210408
Behavioral task behavioral14: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.Core.Runtime.dll; Resource win10v20210410
Behavioral task behavioral15: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.BrowserSubprocess.exe; Resource win10v20210410
Behavioral task behavioral16: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.BrowserSubprocess.Core.dll; Resource win10v20210408
Behavioral task behavioral17: Sample cscppcom.exe; Resource win10v20210410
Behavioral task behavioral18: Sample UX Launcher.exe; Resource win10v20210408
Behavioral task behavioral19: Sample UX Launcher.dll.exe; Resource win10v20210410
Behavioral task behavioral20: Sample Newtonsoft.Json.dll; Resource win10v20210408
Behavioral task behavioral21: Sample NUnrar.dll; Resource win10v20210410
Behavioral task behavioral22: Sample EO.WebEngine.dll; Resource win10v20210410
Behavioral task behavioral23: Sample EO.WebBrowser.dll; Resource win10v20210408
Behavioral task behavioral24: Sample EO.Base.dll; Resource win10v20210410
Behavioral task behavioral25: Sample CefSharp.Wpf.dll; Resource win10v20210408
General
- Target: runtimes/win-x64/lib/netcoreapp3.0/CefSharp.BrowserSubprocess.Core.dll
- Size: 1.2MB
- MD5: 0695056020eb63f62877493e58cb34a4
- SHA1: 9c8135dc406cd42f2ceebec947c8113238e4fc78
- SHA256: cd125611cdb5f3a74ee952951a692ee598daa5a7491e87676a4f68930117bb2a
- SHA512: 6a74c029cb1f9b96780d207710b00c9430c629174e08c462c5d8db4ae766946dcb464c7b0ec00cf9db947a873f9c8c5338ed02342ce053397cb533c5808dd236
Malware Config
Signatures
- Program crash (1 IoCs)
  Processes: WerFault.exe
  pid: 2804; pid_target: 572; process: WerFault.exe; target process: rundll32.exe
- Suspicious behavior: EnumeratesProcesses (14 IoCs)
  Processes: WerFault.exe
  pid: 2804; process: WerFault.exe (listed 14 times)
- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  Processes: WerFault.exe
  description: Token: SeDebugPrivilege; pid: 2804; process: WerFault.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\runtimes\win-x64\lib\netcoreapp3.0\CefSharp.BrowserSubprocess.Core.dll,#11⤵
  PID:572
  - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 572 -s 11122⤵
    PID:2804
    - Program crash
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken