Analysis

  • max time kernel
    135s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/05/2023, 00:37

General

  • Target

    Widescreen HOR+ Support by Wesser/wshps.dll

  • Size

    127KB

  • MD5

    79d931ee3cfbe84b9025ce0c0e8cf744

  • SHA1

    0b997a1f407cb3aa55cdd5206cbb3692d48accaa

  • SHA256

    09d0c3f9d6e2619d85efe87b9a8564abecfa83526c39a8dd75933c2461b02075

  • SHA512

    a2aa1903f3cfdab5f19120b185a000eacf6f58f54c820849e62cc55f4844257b57fe85d671ace7241e3539d46e35be96e7be85593c588b6b66ad3af0013c148e

  • SSDEEP

    3072:y0vitq6mKOmfhcH6TpXTpqvpXB15/2Bb:y0viFOmpcH6B2xM

Score
3/10

Malware Config

Signatures

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Widescreen HOR+ Support by Wesser\wshps.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1344
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Widescreen HOR+ Support by Wesser\wshps.dll",#1
      2⤵
      PID:2788
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 580
        3⤵
        • Program crash
        PID:2748
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 800
        3⤵
        • Program crash
        PID:2828
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2788 -ip 2788
    1⤵
    PID:2540
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2788 -ip 2788
    1⤵
    PID:4496

Network

MITRE ATT&CK Matrix