Analysis

  • max time kernel
    89s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 22:40

General

  • Target

    ʹ֮/CrackCaptchaAPI.dll

  • Size

    1.3MB

  • MD5

    6046edcc5db052bea9e7e6d2f2e869b1

  • SHA1

    f9efa2ff06eb664a0a3e9f2c53bc1c538c59b590

  • SHA256

    07b407b9344bc636a5595493f4bef9e66a3e0f14d6557c3a2a979a400670235c

  • SHA512

    fc6340b7a795566126da4efe6228a19eb36ee22e35323ad892289a62481ed414f1486a64c770bcb53ad6d8967363d81da91839ddd2a11c1dfb1e72a51a9bd8a8

  • SSDEEP

    24576:An6WrvFhoN0oXr2HbAR4rMuwKc3QC5fexfduH2FRNEpzvKdYu2TB3DEZ:APNet4PWQC5yluHQuzQYTTFIZ

Score
6/10

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ʹ֮\CrackCaptchaAPI.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5060
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ʹ֮\CrackCaptchaAPI.dll,#1
      2⤵
      • Writes to the Master Boot Record (MBR)
      PID:4932
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 644
        3⤵
        • Program crash
        PID:1476
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4932 -ip 4932
    1⤵
      PID:1324

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4932-132-0x0000000000000000-mapping.dmp