Overview

overview

10

Static

static

4

LarvaLabsW...er.exe

windows7_x64

10

LarvaLabsW...er.exe

windows10_x64

10

ROGAIOSDK.dll

windows7_x64

3

ROGAIOSDK.dll

windows10_x64

3

RofPaketsoka.dll

windows7_x64

1

RofPaketsoka.dll

windows10_x64

3

ssleay32.dll

windows7_x64

1

ssleay32.dll

windows10_x64

1

storarc.dll

windows7_x64

1

storarc.dll

windows10_x64

1

storelib.dll

windows7_x64

1

storelib.dll

windows10_x64

3

storelibir-2.dll

windows7_x64

1

storelibir-2.dll

windows10_x64

3

Analysis

  • max time kernel
    123s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-en-20211208
  • submitted
    16-12-2021 16:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ROGAIOSDK.dll

  • Size

    334KB

  • MD5

    ec24f3bce34b05b38c79627e93b432c4

  • SHA1

    a2998092e224cf534728aeb88a523c82f6c041f9

  • SHA256

    9699430ac09901f40e7b08d892b185959803a4a61fa0ec2e4e17b3ce48b78f28

  • SHA512

    0a8d192bb12ade70ee71abaef37221b3adfa46c940b5e6668fad96cc1274eff27330f515acfc5e46358a7042ad446523989906a5ee077059016ce5588668bbfa

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ROGAIOSDK.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1276
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ROGAIOSDK.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1556
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 252
        3⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:1784

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1556-55-0x0000000000000000-mapping.dmp
    Download
  • memory/1556-56-0x00000000756C1000-0x00000000756C3000-memory.dmp
    Filesize

    8KB

    Download
  • memory/1784-57-0x0000000000000000-mapping.dmp
    Download
  • memory/1784-58-0x0000000000370000-0x0000000000371000-memory.dmp
    Filesize

    4KB

    Download