Overview
overview
3Static
static
3SA_-_Wides...Fix.7z
windows7-x64
3SA_-_Wides...Fix.7z
windows10-2004-x64
3Leiame (ou morra).txt
windows7-x64
1Leiame (ou morra).txt
windows10-2004-x64
1Readme (or die).txt
windows7-x64
1Readme (or die).txt
windows10-2004-x64
1Widescreen...ix.dll
windows7-x64
1Widescreen...ix.dll
windows10-2004-x64
3Widescreen...ix.ini
windows7-x64
1Widescreen...ix.ini
windows10-2004-x64
1Widescreen...a).txt
windows7-x64
1Widescreen...a).txt
windows10-2004-x64
1Widescreen...e).txt
windows7-x64
1Widescreen...e).txt
windows10-2004-x64
1Widescreen...a).txt
windows7-x64
1Widescreen...a).txt
windows10-2004-x64
1Widescreen...e).txt
windows7-x64
1Widescreen...e).txt
windows10-2004-x64
1Widescreen...ps.dll
windows7-x64
1Widescreen...ps.dll
windows10-2004-x64
3Analysis
-
max time kernel
135s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20230221-en -
resource tags
arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system -
submitted
02/05/2023, 00:37
Static task
static1
Behavioral task
behavioral1
Sample
SA_-_Widescreen_Fix.7z
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
SA_-_Widescreen_Fix.7z
Resource
win10v2004-20230221-en
Behavioral task
behavioral3
Sample
Leiame (ou morra).txt
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
Leiame (ou morra).txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
Readme (or die).txt
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
Readme (or die).txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
Widescreen Fix by ThirteenAG/GTASA.WidescreenFix.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
Widescreen Fix by ThirteenAG/GTASA.WidescreenFix.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral9
Sample
Widescreen Fix by ThirteenAG/GTASA.WidescreenFix.ini
Resource
win7-20230220-en
Behavioral task
behavioral10
Sample
Widescreen Fix by ThirteenAG/GTASA.WidescreenFix.ini
Resource
win10v2004-20230220-en
Behavioral task
behavioral11
Sample
Widescreen Fix by ThirteenAG/Leiame (ou morra).txt
Resource
win7-20230220-en
Behavioral task
behavioral12
Sample
Widescreen Fix by ThirteenAG/Leiame (ou morra).txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral13
Sample
Widescreen Fix by ThirteenAG/Readme (or die).txt
Resource
win7-20230220-en
Behavioral task
behavioral14
Sample
Widescreen Fix by ThirteenAG/Readme (or die).txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral15
Sample
Widescreen HOR+ Support by Wesser/Leiame (ou morra).txt
Resource
win7-20230220-en
Behavioral task
behavioral16
Sample
Widescreen HOR+ Support by Wesser/Leiame (ou morra).txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral17
Sample
Widescreen HOR+ Support by Wesser/Readme (or die).txt
Resource
win7-20230220-en
Behavioral task
behavioral18
Sample
Widescreen HOR+ Support by Wesser/Readme (or die).txt
Resource
win10v2004-20230220-en
Behavioral task
behavioral19
Sample
Widescreen HOR+ Support by Wesser/wshps.dll
Resource
win7-20230220-en
Behavioral task
behavioral20
Sample
Widescreen HOR+ Support by Wesser/wshps.dll
Resource
win10v2004-20230221-en
General
-
Target
Widescreen HOR+ Support by Wesser/wshps.dll
-
Size
127KB
-
MD5
79d931ee3cfbe84b9025ce0c0e8cf744
-
SHA1
0b997a1f407cb3aa55cdd5206cbb3692d48accaa
-
SHA256
09d0c3f9d6e2619d85efe87b9a8564abecfa83526c39a8dd75933c2461b02075
-
SHA512
a2aa1903f3cfdab5f19120b185a000eacf6f58f54c820849e62cc55f4844257b57fe85d671ace7241e3539d46e35be96e7be85593c588b6b66ad3af0013c148e
-
SSDEEP
3072:y0vitq6mKOmfhcH6TpXTpqvpXB15/2Bb:y0viFOmpcH6B2xM
Malware Config
Signatures
-
Program crash 2 IoCs
pid pid_target Process procid_target 2748 2788 WerFault.exe 82 2828 2788 WerFault.exe 82 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 1344 wrote to memory of 2788 1344 rundll32.exe 82 PID 1344 wrote to memory of 2788 1344 rundll32.exe 82 PID 1344 wrote to memory of 2788 1344 rundll32.exe 82
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Widescreen HOR+ Support by Wesser\wshps.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:1344 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Widescreen HOR+ Support by Wesser\wshps.dll",#12⤵PID:2788
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 5803⤵
- Program crash
PID:2748
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 8003⤵
- Program crash
PID:2828
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 2788 -ip 27881⤵PID:2540
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 2788 -ip 27881⤵PID:4496