Overview
overview
10Static
static
snxdx/????.url
windows7_x64
6snxdx/????.url
windows10-2004_x64
6snxdx/?????.exe
windows7_x64
1snxdx/?????.exe
windows10-2004_x64
1snxdx/??????.url
windows7_x64
6snxdx/??????.url
windows10-2004_x64
6snxdx/Crac...PI.dll
windows7_x64
10snxdx/Crac...PI.dll
windows10-2004_x64
10snxdx/UUWi...er.dll
windows7_x64
1snxdx/UUWi...er.dll
windows10-2004_x64
3snxdx/dc.dll
windows7_x64
8snxdx/dc.dll
windows10-2004_x64
8snxdx/msvcr120.dll
windows7_x64
3snxdx/msvcr120.dll
windows10-2004_x64
3Analysis
-
max time kernel
43s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
20-05-2022 04:06
Static task
static1
Behavioral task
behavioral1
Sample
snxdx/????.url
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
snxdx/????.url
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
snxdx/?????.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
snxdx/?????.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
snxdx/??????.url
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
snxdx/??????.url
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
snxdx/CrackCaptchaAPI.dll
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
snxdx/CrackCaptchaAPI.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
snxdx/UUWiseHelper.dll
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
snxdx/UUWiseHelper.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral11
Sample
snxdx/dc.dll
Resource
win7-20220414-en
Behavioral task
behavioral12
Sample
snxdx/dc.dll
Resource
win10v2004-20220414-en
Behavioral task
behavioral13
Sample
snxdx/msvcr120.dll
Resource
win7-20220414-en
Behavioral task
behavioral14
Sample
snxdx/msvcr120.dll
Resource
win10v2004-20220414-en
General
-
Target
snxdx/msvcr120.dll
-
Size
948KB
-
MD5
034ccadc1c073e4216e9466b720f9849
-
SHA1
f19e9d8317161edc7d3e963cc0fc46bd5e4a55a1
-
SHA256
86e39b5995af0e042fcdaa85fe2aefd7c9ddc7ad65e6327bd5e7058bc3ab615f
-
SHA512
5f11ef92d936669ee834a5cef5c7d0e7703bf05d03dc4f09b9dcfe048d7d5adfaab6a9c7f42e8080a5e9aad44a35f39f3940d5cca20623d9cafe373c635570f7
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1964 2020 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exerundll32.exedescription pid process target process PID 2008 wrote to memory of 2020 2008 rundll32.exe rundll32.exe PID 2008 wrote to memory of 2020 2008 rundll32.exe rundll32.exe PID 2008 wrote to memory of 2020 2008 rundll32.exe rundll32.exe PID 2008 wrote to memory of 2020 2008 rundll32.exe rundll32.exe PID 2008 wrote to memory of 2020 2008 rundll32.exe rundll32.exe PID 2008 wrote to memory of 2020 2008 rundll32.exe rundll32.exe PID 2008 wrote to memory of 2020 2008 rundll32.exe rundll32.exe PID 2020 wrote to memory of 1964 2020 rundll32.exe WerFault.exe PID 2020 wrote to memory of 1964 2020 rundll32.exe WerFault.exe PID 2020 wrote to memory of 1964 2020 rundll32.exe WerFault.exe PID 2020 wrote to memory of 1964 2020 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\snxdx\msvcr120.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\snxdx\msvcr120.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 2243⤵
- Program crash