Overview

overview

8

Static

static

AMR Player...er.exe

windows7-x64

1

AMR Player...er.exe

windows10-2004-x64

1

AMR Player...OM.exe

windows7-x64

1

AMR Player...OM.exe

windows10-2004-x64

1

AMR Player...ec.dll

windows7-x64

3

AMR Player...ec.dll

windows10-2004-x64

3

AMR Player...at.dll

windows7-x64

3

AMR Player...at.dll

windows10-2004-x64

3

AMR Player/avutil.dll

windows7-x64

1

AMR Player/avutil.dll

windows10-2004-x64

1

AMR Player/bass.dll

windows7-x64

1

AMR Player/bass.dll

windows10-2004-x64

1

AMR Player/lpk.dll

windows7-x64

8

AMR Player/lpk.dll

windows10-2004-x64

8

AMR Player...C2.dll

windows7-x64

1

AMR Player...C2.dll

windows10-2004-x64

Analysis

  • max time kernel
    150s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 11:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AMR Player/avcodec.dll

  • Size

    4.6MB

  • MD5

    91255a74916beefdb6f585431c22f567

  • SHA1

    c4c927cc1bf5bb5e32ff6d9ecfd64a03d8ecc931

  • SHA256

    dad725e7683625f3f14dddd66a29b4acd0e4a587bcf37fa652b872671741e279

  • SHA512

    132082167c99c6415fe9902f76c16fe64b23731a574ec666f3646aae6a6f57ebdda101e6926c594dec3a279cab92f9cd1e58f19958b2472db34a26ca2d2a7b66

  • SSDEEP

    98304:H9Jr1cF87vTYQ53gVDHJrGqNg0/qHUVcbLGDFKBlnjvmdHbrSjN8py3p0QH691FJ:H9Jr1487vTYQ3gVLJrGqNg/LGDFKBlno

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\AMR Player\avcodec.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\AMR Player\avcodec.dll",#1
      2⤵
        PID:3904
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 604
          3⤵
          • Program crash
          PID:4796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3904 -ip 3904
      1⤵
        PID:4868

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3904-132-0x0000000000000000-mapping.dmp

        Download

      • memory/3904-133-0x0000000066780000-0x0000000066CBF000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/3904-134-0x0000000066780000-0x0000000066CBF000-memory.dmp

        Filesize

        5.2MB

        Download