Overview
overview: 7
Static
static
updater.exe (windows10_x64): 1
runtimes/w...rp.dll (windows10_x64): 1
runtimes/w...re.dll (windows10_x64): 1
runtimes/w...me.dll (windows10_x64): 1
runtimes/w...v2.dll (windows10_x64): 1
runtimes/w...GL.dll (windows10_x64): 1
runtimes/w...ef.dll (windows10_x64): 1
runtimes/w...v2.dll (windows10_x64): 3
runtimes/w...GL.dll (windows10_x64): 1
runtimes/w...47.dll (windows10_x64): 1
runtimes/w...lf.dll (windows10_x64): 1
runtimes/w...rp.dll (windows10_x64): 1
runtimes/w...re.dll (windows10_x64): 1
runtimes/w...me.dll (windows10_x64): 3
runtimes/w...ss.exe (windows10_x64): 1
runtimes/w...re.dll (windows10_x64): 3
cscppcom.exe (windows10_x64): 5
UX Launcher.exe (windows10_x64): 7
UX Launcher.dll.exe (windows10_x64): 3
Newtonsoft.Json.dll (windows10_x64): 1
NUnrar.dll (windows10_x64): 1
EO.WebEngine.dll (windows10_x64): 1
EO.WebBrowser.dll (windows10_x64): 1
EO.Base.dll (windows10_x64): 1
CefSharp.Wpf.dll (windows10_x64): 1
Analysis
- max time kernel: 278s
- max time network: 384s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 18-08-2021 18:23
Static task: static1
Behavioral task behavioral1: Sample updater.exe, Resource win10v20210410
Behavioral task behavioral2: Sample runtimes/win-x86/lib/netcoreapp3.0/CefSharp.dll, Resource win10v20210408
Behavioral task behavioral3: Sample runtimes/win-x86/lib/netcoreapp3.0/CefSharp.Core.dll, Resource win10v20210410
Behavioral task behavioral4: Sample runtimes/win-x86/lib/netcoreapp3.0/CefSharp.Core.Runtime.dll, Resource win10v20210408
Behavioral task behavioral5: Sample runtimes/win-x64/lib/netcoreapp3.0/swiftshader/libGLESv2.dll, Resource win10v20210410
Behavioral task behavioral6: Sample runtimes/win-x64/lib/netcoreapp3.0/swiftshader/libEGL.dll, Resource win10v20210408
Behavioral task behavioral7: Sample runtimes/win-x64/lib/netcoreapp3.0/libcef.dll, Resource win10v20210410
Behavioral task behavioral8: Sample runtimes/win-x64/lib/netcoreapp3.0/libGLESv2.dll, Resource win10v20210410
Behavioral task behavioral9: Sample runtimes/win-x64/lib/netcoreapp3.0/libEGL.dll, Resource win10v20210408
Behavioral task behavioral10: Sample runtimes/win-x64/lib/netcoreapp3.0/d3dcompiler_47.dll, Resource win10v20210410
Behavioral task behavioral11: Sample runtimes/win-x64/lib/netcoreapp3.0/chrome_elf.dll, Resource win10v20210408
Behavioral task behavioral12: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.dll, Resource win10v20210410
Behavioral task behavioral13: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.Core.dll, Resource win10v20210408
Behavioral task behavioral14: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.Core.Runtime.dll, Resource win10v20210410
Behavioral task behavioral15: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.BrowserSubprocess.exe, Resource win10v20210410
Behavioral task behavioral16: Sample runtimes/win-x64/lib/netcoreapp3.0/CefSharp.BrowserSubprocess.Core.dll, Resource win10v20210408
Behavioral task behavioral17: Sample cscppcom.exe, Resource win10v20210410
Behavioral task behavioral18: Sample UX Launcher.exe, Resource win10v20210408
Behavioral task behavioral19: Sample UX Launcher.dll.exe, Resource win10v20210410
Behavioral task behavioral20: Sample Newtonsoft.Json.dll, Resource win10v20210408
Behavioral task behavioral21: Sample NUnrar.dll, Resource win10v20210410
Behavioral task behavioral22: Sample EO.WebEngine.dll, Resource win10v20210410
Behavioral task behavioral23: Sample EO.WebBrowser.dll, Resource win10v20210408
Behavioral task behavioral24: Sample EO.Base.dll, Resource win10v20210410
Behavioral task behavioral25: Sample CefSharp.Wpf.dll, Resource win10v20210408
General
- Target: runtimes/win-x86/lib/netcoreapp3.0/CefSharp.Core.Runtime.dll
- Size: 1.4MB
- MD5: 0233e8f518cb12aba755a987c3748313
- SHA1: 69b0553a28cddc09f66e246ce443cf7ce1bebf95
- SHA256: b98597c67bd11479eebb5b09968c38ac3209212719132e6ddf055f5f46da3866
- SHA512: 764b480fbf8cd205720b426b3ed83c2e92bb1d8fee75028dedd72abcc983837d01f663cb981c5ed54673c3f1a6aefff7f025adb18b81c0c24d9035553f2adf6b
Malware Config
Signatures
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes: rundll32.exe
  description | pid | process | target process
  PID 2164 wrote to memory of 3960 | 2164 | rundll32.exe | rundll32.exe
  PID 2164 wrote to memory of 3960 | 2164 | rundll32.exe | rundll32.exe
  PID 2164 wrote to memory of 3960 | 2164 | rundll32.exe | rundll32.exe
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\runtimes\win-x86\lib\netcoreapp3.0\CefSharp.Core.Runtime.dll,#11
  PID:2164
  - Suspicious use of WriteProcessMemory
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\runtimes\win-x86\lib\netcoreapp3.0\CefSharp.Core.Runtime.dll,#12
  PID:3960