Overview

overview

9

Static

static

9

momicAlar_...��.cmd

windows7-x64

1

momicAlar_...��.cmd

windows10-2004-x64

7

momicAlar_...��.cmd

windows7-x64

1

momicAlar_...��.cmd

windows10-2004-x64

7

momicAlar_...��.url

windows7-x64

1

momicAlar_...��.url

windows10-2004-x64

1

momicAlar_...er.dll

windows7-x64

1

momicAlar_...er.dll

windows10-2004-x64

1

momicAlar_...ta.dll

windows7-x64

8

momicAlar_...ta.dll

windows10-2004-x64

8

momicAlar_...��.exe

windows7-x64

8

momicAlar_...��.exe

windows10-2004-x64

8

momicAlar_...��.exe

windows7-x64

9

momicAlar_...��.exe

windows10-2004-x64

9

momicAlar_...��.url

windows7-x64

1

momicAlar_...��.url

windows10-2004-x64

1

momicAlar_...��.url

windows7-x64

1

momicAlar_...��.url

windows10-2004-x64

1

Analysis

  • max time kernel
    82s
  • max time network
    122s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/11/2022, 22:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    momicAlar_gpxz/momicAlar_gpxz/momicAlar/momicAlar/jedata.dll

  • Size

    86KB

  • MD5

    114054313070472cd1a6d7d28f7c5002

  • SHA1

    9a044986e6101df1a126035da7326a50c3fe9a23

  • SHA256

    e15d9e1b772fed3db19e67b8d54533d1a2d46a37f8b12702a5892c6b886e9db1

  • SHA512

    a2ff8481e89698dae4a1c83404105093472e384d7a3debbd7014e010543e08efc8ebb3f67c8a4ce09029e6b2a8fb7779bb402aae7c9987e61389cd8a72c73522

  • SSDEEP

    1536:0OYdF5pkapU0uz96DjsVgsIm65HPdOMpFQEMqUktZcNqLODRv7zFpl91nouy8jg:0HDp7pRuKjsir5HZFQGrsUwF7hplPouG

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\momicAlar_gpxz\momicAlar_gpxz\momicAlar\momicAlar\jedata.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3248
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\momicAlar_gpxz\momicAlar_gpxz\momicAlar\momicAlar\jedata.dll,#1
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:4100
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 652
        3⤵
        • Program crash
        PID:3932
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 4100 -ip 4100
    1⤵
      PID:3680

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4100-133-0x0000000010000000-0x000000001003E000-memory.dmp

      Filesize

      248KB

      Download