Analysis

max time kernel: 127s
max time network: 146s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-09-2022 14:42
Behavioral tasks (task: sample, resource)

behavioral1: Installer.exe, win7-20220812-en
behavioral2: Installer.exe, win10v2004-20220812-en
behavioral3: packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe, win7-20220812-en
behavioral4: packages/AppInfo/Microsoft Analysis Services/AS OLEDB/110/SQLDumper.exe, win10v2004-20220901-en
behavioral5: packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url, win7-20220812-en
behavioral6: packages/Program Files (x86)/ASIO4ALL v2/ASIO4ALL Web Site.url, win10v2004-20220812-en
behavioral7: packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe, win7-20220812-en
behavioral8: packages/Program Files (x86)/ASIO4ALL v2/a4apanel.exe, win10v2004-20220901-en
behavioral9: packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe, win7-20220812-en
behavioral10: packages/Program Files (x86)/ASIO4ALL v2/a4apanel64.exe, win10v2004-20220812-en
behavioral11: packages/Program Files (x86)/Common Files/Propellerhead Software/ReWire/ReWire.dll, win7-20220812-en
behavioral12: packages/Program Files (x86)/Common Files/Propellerhead Software/ReWire/ReWire.dll, win10v2004-20220901-en
behavioral13: packages/Program Files (x86)/VstPlugins/FL Studio VSTi (Multi).dll, win7-20220812-en
behavioral14: packages/Program Files (x86)/VstPlugins/FL Studio VSTi (Multi).dll, win10v2004-20220812-en
behavioral15: packages/Program Files (x86)/VstPlugins/FL Studio VSTi.dll, win7-20220901-en
behavioral16: packages/Program Files (x86)/VstPlugins/FL Studio VSTi.dll, win10v2004-20220812-en
General

Target: packages/Program Files (x86)/VstPlugins/FL Studio VSTi (Multi).dll
Size: 2.3MB
MD5: a127a44f247c0b659f2b65eceed3298a
SHA1: c015ed730f0178a34b19551234280b114d579fdb
SHA256: 37a32270ecd95d19b9944f72238b42ee55fe257a91f90b0aa661313d3c8919aa
SHA512: c40010d96d322581f6f10d665e3a5bb98305b4a5e43420aad293599341493c19c75d2f3d17eb8adad94adf201c502ff02a00bb3f6fd8d08b79fb0c014d591410
SSDEEP: 24576:KacqwzcGeFEYYena94frJXZfHZhR2OKu4r+MeTKirXGWdXg3uD02+KMwMn4x5ITW:rocfHKt8KirXZw3I02+KMw+4ETbQimoI
Malware Config

(none)

Signatures

Program crash (1 IoCs)
Processes (pid, pid_target, process, target process):
32, 748, WerFault.exe, rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description, pid, process, target process):
PID 1808 wrote to memory of 748, 1808, rundll32.exe, rundll32.exe
PID 1808 wrote to memory of 748, 1808, rundll32.exe, rundll32.exe
PID 1808 wrote to memory of 748, 1808, rundll32.exe, rundll32.exe
Processes

- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\packages\Program Files (x86)\VstPlugins\FL Studio VSTi (Multi).dll",#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe "C:\Users\Admin\AppData\Local\Temp\packages\Program Files (x86)\VstPlugins\FL Studio VSTi (Multi).dll",#1
    - C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 692
      Signatures: Program crash
- C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 180 -p 748 -ip 748