Analysis

  • max time kernel
    73s
  • max time network
    77s
  • platform
    windows10-1703_x64
  • resource
    win10-20230915-en
  • resource tags

    arch:x64, arch:x86, image:win10-20230915-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    01/10/2023, 17:32

General

  • Target

    Fluxus/bin/FluxusAuth.dll

  • Size

    4.3MB

  • MD5

    8b7c95c980646614b4fd21414e489be7

  • SHA1

    19c4cfeb0a5c4d2d305022bb34e817d63c6d5f25

  • SHA256

    9f766783ca687dc5b7718350b673bc895cb9b0eb7e9185ea0b8044867c2bbbfe

  • SHA512

    8027b1036c6ccd18b5f51e95a5ab687c65766cf63d1e619da9c91dca16dbdc68b2d85acde13955f600d0a32a914b4fdb76912e7b1c00a10327835ad6882c402a

  • SSDEEP

    98304:jGHNrbValGSewGA1xJ6/ElY5i29bPNrh8s2iiDcAunb:j0klGSewv1X6/EQi2j8Fy

Score
8/10

Signatures

  • Blocklisted process makes network request 3 IoCs
  • Downloads MZ/PE file
  • Program crash 1 IoCs
  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll,#1
      2⤵
      • Blocklisted process makes network request
      • Enumerates system info in registry
      PID:2088
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 900
        3⤵
        • Program crash
        PID:4544
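
The process tree above shows the chain a detection engineer would want to match: a 64-bit rundll32.exe loading a DLL from the user's %TEMP% directory by ordinal (#1), which then re-launches the SysWOW64 (32-bit) rundll32.exe with the same command line (the normal behaviour when the DLL is 32-bit), followed by WerFault.exe handling the crash of that child. The following is an added example, not part of the sandbox report, that encodes those three checks as Python run over constructed Sysmon-style process-creation records mirroring the PIDs and command lines above; the field names (Image, ParentImage, CommandLine, ProcessId, ParentProcessId) follow Sysmon Event ID 1, and the records themselves, including the explorer.exe parent and the benign shell32.dll control, are hand-written sample data.

```python
"""Added example (not part of the sandbox report): flag the rundll32 execution
chain shown in the Processes section from Sysmon-style process-creation events.

The records below are constructed to mirror the report's process tree; field
names follow Sysmon Event ID 1 but the data is hand-written, not real telemetry.
"""
import re
from typing import Dict, List

# Constructed sample events, one dict per process creation, modelled on the report's tree.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ProcessId": "4036", "ParentProcessId": "1000",
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",  # assumed parent, not in the report
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll,#1"},
    {"ProcessId": "2088", "ParentProcessId": "4036",
     "Image": r"C:\Windows\SysWOW64\rundll32.exe",
     "ParentImage": r"C:\Windows\system32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\Fluxus\bin\FluxusAuth.dll,#1"},
    {"ProcessId": "4544", "ParentProcessId": "2088",
     "Image": r"C:\Windows\SysWOW64\WerFault.exe",
     "ParentImage": r"C:\Windows\SysWOW64\rundll32.exe",
     "CommandLine": r"C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 900"},
    # Benign control: rundll32 loading a DLL from System32, as Windows itself does.
    {"ProcessId": "5100", "ParentProcessId": "1000",
     "Image": r"C:\Windows\system32\rundll32.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"rundll32.exe shell32.dll,Control_RunDLL"},
]

# A DLL loaded by rundll32 out of a user-writable temp directory is the main indicator.
USER_WRITABLE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)
# rundll32 takes "<dll>,<entry>"; an entry of the form "#N" is an export looked up by ordinal.
DLL_ARG = re.compile(r"rundll32\.exe\s+(?P<dll>\S+?),(?P<entry>#?\w+)", re.IGNORECASE)


def is_rundll32(image: str) -> bool:
    return image.lower().endswith("\\rundll32.exe")


def find_rundll32_temp_dll(events: List[Dict[str, str]]) -> List[str]:
    """Return PIDs of rundll32 processes whose DLL argument lives under %TEMP%."""
    hits = []
    for ev in events:
        if not is_rundll32(ev["Image"]):
            continue
        m = DLL_ARG.search(ev["CommandLine"])
        if m and USER_WRITABLE.search(m.group("dll")):
            hits.append(ev["ProcessId"])
    return hits


def find_wow64_relaunch(events: List[Dict[str, str]]) -> List[str]:
    """Return PIDs of 32-bit rundll32 (SysWOW64) spawned by 64-bit rundll32 (system32).

    This is what rundll32 does when handed a 32-bit DLL: the 64-bit host cannot
    load it and re-executes the SysWOW64 copy with the same command line. Alone it
    is not malicious; combined with a %TEMP% DLL it ties the chain together.
    """
    return [ev["ProcessId"] for ev in events
            if is_rundll32(ev["Image"]) and "\\syswow64\\" in ev["Image"].lower()
            and is_rundll32(ev["ParentImage"]) and "\\system32\\" in ev["ParentImage"].lower()]


def find_crash_of(events: List[Dict[str, str]], pids) -> Dict[str, str]:
    """Map each flagged PID named in a WerFault '-p <pid>' command line to the WerFault PID."""
    crashed = {}
    for ev in events:
        if ev["Image"].lower().endswith("\\werfault.exe"):
            m = re.search(r"-p\s+(\d+)", ev["CommandLine"])
            if m and m.group(1) in pids:
                crashed[m.group(1)] = ev["ProcessId"]
    return crashed


def triage(events: List[Dict[str, str]]) -> Dict[str, object]:
    """Run all three checks and keep only the WOW64 relaunches that are themselves flagged."""
    temp_dll = find_rundll32_temp_dll(events)
    relaunch = find_wow64_relaunch(events)
    crashes = find_crash_of(events, set(temp_dll))
    return {"rundll32_temp_dll": temp_dll,
            "wow64_relaunch": [p for p in relaunch if p in temp_dll],
            "crashed": crashes}


if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

On the sample data the first check flags PIDs 4036 and 2088, the second confirms 2088 as the WOW64 relaunch of 4036, and the third ties WerFault PID 4544 to the crash of 2088; the shell32.dll control process is not flagged. In production the same logic would be fed from Sysmon or EDR telemetry, and the %TEMP% pattern widened to whatever user-writable paths the environment allows.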

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • memory/2088-0-0x0000000073D60000-0x000000007443E000-memory.dmp

          Filesize

          6.9MB