Overview

overview

8

Static

static

AMR Player...er.exe

windows7-x64

1

AMR Player...er.exe

windows10-2004-x64

1

AMR Player...OM.exe

windows7-x64

1

AMR Player...OM.exe

windows10-2004-x64

1

AMR Player...ec.dll

windows7-x64

3

AMR Player...ec.dll

windows10-2004-x64

3

AMR Player...at.dll

windows7-x64

3

AMR Player...at.dll

windows10-2004-x64

3

AMR Player/avutil.dll

windows7-x64

1

AMR Player/avutil.dll

windows10-2004-x64

1

AMR Player/bass.dll

windows7-x64

1

AMR Player/bass.dll

windows10-2004-x64

1

AMR Player/lpk.dll

windows7-x64

8

AMR Player/lpk.dll

windows10-2004-x64

8

AMR Player...C2.dll

windows7-x64

1

AMR Player...C2.dll

windows10-2004-x64

Analysis

  • max time kernel
    150s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/11/2022, 11:37 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    AMR Player/avcodec.dll

  • Size

    4.6MB

  • MD5

    91255a74916beefdb6f585431c22f567

  • SHA1

    c4c927cc1bf5bb5e32ff6d9ecfd64a03d8ecc931

  • SHA256

    dad725e7683625f3f14dddd66a29b4acd0e4a587bcf37fa652b872671741e279

  • SHA512

    132082167c99c6415fe9902f76c16fe64b23731a574ec666f3646aae6a6f57ebdda101e6926c594dec3a279cab92f9cd1e58f19958b2472db34a26ca2d2a7b66

  • SSDEEP

    98304:H9Jr1cF87vTYQ53gVDHJrGqNg0/qHUVcbLGDFKBlnjvmdHbrSjN8py3p0QH691FJ:H9Jr1487vTYQ3gVLJrGqNg/LGDFKBlno

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\AMR Player\avcodec.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\AMR Player\avcodec.dll",#1
      2⤵
        PID:3904
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 604
          3⤵
          • Program crash
          PID:4796
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3904 -ip 3904
      1⤵
        PID:4868

      Network

      • flag-unknown
        DNS
        164.2.77.40.in-addr.arpa
        Remote address:
        8.8.8.8:53
        Request
        164.2.77.40.in-addr.arpa
        IN PTR
        Response
      • 209.197.3.8:80
        52 B
         1
      • 93.184.220.29:80
        322 B
         7
      • 93.184.220.29:80
        322 B
         7
      • 8.253.225.254:80
        322 B
         7
      • 8.253.225.254:80
        322 B
         7
      • 209.197.3.8:80
        322 B
         7
      • 209.197.3.8:80
        260 B
         5
      • 209.197.3.8:80
        260 B
         5
      • 209.197.3.8:80
        260 B
         5
      • 8.238.21.126:80
        46 B
         40 B
         1
        1
      • 209.197.3.8:80
        260 B
         5
      • 8.238.20.126:80
        46 B
         40 B
         1
        1
      • 20.42.72.131:443
        276 B
         6
      • 8.8.8.8:53
        164.2.77.40.in-addr.arpa
        dns
        70 B
         144 B
         1
        1

        DNS Request

        164.2.77.40.in-addr.arpa

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3904-133-0x0000000066780000-0x0000000066CBF000-memory.dmp

        Filesize

        5.2MB

        Download

      • memory/3904-134-0x0000000066780000-0x0000000066CBF000-memory.dmp

        Filesize

        5.2MB

        Download

      We care about your privacy.

      This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.