Overview

Task                  Platform        Score
Overview (overview)   -               10
Static (static)       -               4
LarvaLabsW...er.exe   windows7_x64    10
LarvaLabsW...er.exe   windows10_x64   10
ROGAIOSDK.dll         windows7_x64    3
ROGAIOSDK.dll         windows10_x64   3
RofPaketsoka.dll      windows7_x64    1
RofPaketsoka.dll      windows10_x64   3
ssleay32.dll          windows7_x64    1
ssleay32.dll          windows10_x64   1
storarc.dll           windows7_x64    1
storarc.dll           windows10_x64   1
storelib.dll          windows7_x64    1
storelib.dll          windows10_x64   3
storelibir-2.dll      windows7_x64    1
storelibir-2.dll      windows10_x64   3

Analysis
- max time kernel: 123s
- max time network: 120s
- platform: windows7_x64
- resource: win7-en-20211208
- submitted: 16-12-2021 16:12
Behavioral tasks

Task           Sample                          Resource
behavioral1    LarvaLabsWallet Launcher.exe    win7-en-20211208
behavioral2    LarvaLabsWallet Launcher.exe    win10-en-20211208
behavioral3    ROGAIOSDK.dll                   win7-en-20211208
behavioral4    ROGAIOSDK.dll                   win10-en-20211208
behavioral5    RofPaketsoka.dll                win7-en-20211208
behavioral6    RofPaketsoka.dll                win10-en-20211208
behavioral7    ssleay32.dll                    win7-en-20211208
behavioral8    ssleay32.dll                    win10-en-20211208
behavioral9    storarc.dll                     win7-en-20211208
behavioral10   storarc.dll                     win10-en-20211208
behavioral11   storelib.dll                    win7-en-20211208
behavioral12   storelib.dll                    win10-en-20211208
behavioral13   storelibir-2.dll                win7-en-20211208
behavioral14   storelibir-2.dll                win10-en-20211208
General

- Target: ROGAIOSDK.dll
- Size: 334KB
- MD5: ec24f3bce34b05b38c79627e93b432c4
- SHA1: a2998092e224cf534728aeb88a523c82f6c041f9
- SHA256: 9699430ac09901f40e7b08d892b185959803a4a61fa0ec2e4e17b3ce48b78f28
- SHA512: 0a8d192bb12ade70ee71abaef37221b3adfa46c940b5e6668fad96cc1274eff27330f515acfc5e46358a7042ad446523989906a5ee077059016ce5588668bbfa
Malware Config
Signatures
- Program crash (1 IoC)
  Processes:
  pid    pid_target   process        target process
  1784   1556         WerFault.exe   rundll32.exe

- Suspicious behavior: EnumeratesProcesses (4 IoCs)
  Processes:
  pid    process
  1784   WerFault.exe
  1784   WerFault.exe
  1784   WerFault.exe
  1784   WerFault.exe

- Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  Processes:
  pid    process
  1784   WerFault.exe

- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description               pid    process
  Token: SeDebugPrivilege   1784   WerFault.exe

- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
  description                         pid    process        target process
  PID 1276 wrote to memory of 1556    1276   rundll32.exe   rundll32.exe
  PID 1276 wrote to memory of 1556    1276   rundll32.exe   rundll32.exe
  PID 1276 wrote to memory of 1556    1276   rundll32.exe   rundll32.exe
  PID 1276 wrote to memory of 1556    1276   rundll32.exe   rundll32.exe
  PID 1276 wrote to memory of 1556    1276   rundll32.exe   rundll32.exe
  PID 1276 wrote to memory of 1556    1276   rundll32.exe   rundll32.exe
  PID 1276 wrote to memory of 1556    1276   rundll32.exe   rundll32.exe
  PID 1556 wrote to memory of 1784    1556   rundll32.exe   WerFault.exe
  PID 1556 wrote to memory of 1784    1556   rundll32.exe   WerFault.exe
  PID 1556 wrote to memory of 1784    1556   rundll32.exe   WerFault.exe
  PID 1556 wrote to memory of 1784    1556   rundll32.exe   WerFault.exe
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ROGAIOSDK.dll,#1
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ROGAIOSDK.dll,#1
      - Suspicious use of WriteProcessMemory

      3. C:\Windows\SysWOW64\WerFault.exe
         Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 252
         - Program crash
         - Suspicious behavior: EnumeratesProcesses
         - Suspicious behavior: GetForegroundWindowSpam
         - Suspicious use of AdjustPrivilegeToken