Analysis
-
max time kernel
121s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20230220-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system -
submitted
16-06-2023 20:58
Static task
static1
Behavioral task
behavioral1
Sample
onedrive-photos.lnk
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
onedrive-photos.lnk
Resource
win10v2004-20230220-en
Behavioral task
behavioral3
Sample
onedriveupdater.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
onedriveupdater.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
version.dll
Resource
win7-20230220-en
Behavioral task
behavioral6
Sample
version.dll
Resource
win10v2004-20230220-en
Behavioral task
behavioral7
Sample
vеrsion.dll
Resource
win7-20230220-en
Behavioral task
behavioral8
Sample
vеrsion.dll
Resource
win10v2004-20230220-en
General
-
Target
vеrsion.dll
-
Size
29KB
-
MD5
30ebac24a7d60dfb597576b46c9b82fb
-
SHA1
a05a9082dc84c34ef876521b11e28f6684db484a
-
SHA256
6426cf806ecfc1432326bd4e0c9d0bba25b8db8ff5a79ef2722e7ddd889a8f30
-
SHA512
698dbb2ebda4511d009af4094dba4c30c5f6e4e6ebf202175d764600b5c18d972c52b7d4abbceef4f933104d4e1417e3cddbe21438c40959ace1921297d3f1ba
-
SSDEEP
768:ArMz75YmckVPxIiTuqMwYMD2ulzxAoQzM1PVg2:ArMzKmckVPxIiTuqMwr2ulzxAoQoPVg2
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target
5032 228 WerFault.exe 81
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vеrsion.dll,#1
PID:228
-
  C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 228 -s 328
  - Program crash
  PID:5032
-
-
C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 456 -p 228 -ip 228
PID:4308