Overview
overview
10Static
static
10DarkTrack+...px.exe
windows10-2004-x64
7DarkTrack+...ta.exe
windows10-2004-x64
1DarkTrack+...er.exe
windows10-2004-x64
1DarkTrack+...eg.exe
windows10-2004-x64
1DarkTrack+...e3.dll
windows10-2004-x64
7out.dll
windows10-2004-x64
3DarkTrack+...e3.dll
windows10-2004-x64
3DarkTrack+...er.dll
windows10-2004-x64
7out.dll
windows10-2004-x64
3DarkTrack+...ub.exe
windows10-2004-x64
10Analysis
-
max time kernel
95s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system -
submitted
07-04-2023 12:31
Behavioral task
behavioral1
Sample
DarkTrack+Alien+4.1/DarkTrack Alien 4.1/Compressors/upx.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral2
Sample
DarkTrack+Alien+4.1/DarkTrack Alien 4.1/Darktrack 4.1 Beta.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
DarkTrack+Alien+4.1/DarkTrack Alien 4.1/Mescaline File Binder/Mescaline Multi File Binder.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral4
Sample
DarkTrack+Alien+4.1/DarkTrack Alien 4.1/Modules/ffmpeg.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
DarkTrack+Alien+4.1/DarkTrack Alien 4.1/Plugins/sqlite3.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral6
Sample
out.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
DarkTrack+Alien+4.1/DarkTrack Alien 4.1/sqlite3.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral8
Sample
DarkTrack+Alien+4.1/DarkTrack Alien 4.1/sqlite3Reader.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
out.dll
Resource
win10v2004-20230220-en
General
-
Target
out.dll
-
Size
336KB
-
MD5
43ed6f508ba523e0a3b9224392755ea7
-
SHA1
8b1e0ec29ab3759d1cec9a01ab4a323e4238684e
-
SHA256
717118ffe9060081710cd6333549504004c9515df743f696b3c63eb7b2065407
-
SHA512
cc6b6f112217b466c9c746f7647b833cc62ebe3e0aa2f03439e361fac9964b065c216ada2e4ac19ff5404eb6e663239dbad90b9dee94cd4c173c2667ff522fda
-
SSDEEP
6144:rICvMnOTvcfgA0qBlJ89Ojo33C1oVDtY4sG2/WctyzuYf0oRCL23/:zvMnAA9BleOjoH4Ktm+jbFL3/
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 5104 1700 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 3336 wrote to memory of 1700 3336 rundll32.exe rundll32.exe PID 3336 wrote to memory of 1700 3336 rundll32.exe rundll32.exe PID 3336 wrote to memory of 1700 3336 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\out.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\out.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 5483⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1700 -ip 17001⤵