Analysis

  • max time kernel
    248s
  • max time network
    318s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231023-en, locale:en-us, os:windows7-x64, system
  • submitted
    07/11/2023, 14:26

General

  • Target

    VAG K+CAN/UPDATE DO VAG COMMANDER/FTChipID.dll

  • Size

    60KB

  • MD5

    db2e9f3c2f704cd41bdbfcfb47b81108

  • SHA1

    49e9192aefee6080c3795a8df592425e6351f56c

  • SHA256

    d63d9ec2f0557184aba3d4156d755767cd234fc4b108f4209abbf28c064936c6

  • SHA512

    203df4ab2c065923f6ae3f101d8046f300506e77c74a4864eaceca47e427928ab31da37374794efd24b475e8cca4abba8baed768860715076f2a708c2c7c9493

  • SSDEEP

    768:dz3YNDu99o//FteFa13DLkTYajaIcydcqgqOigvjOcoVmoVg6oZJxzYj:dj4pFLkTYaldcqgqjgbamqoZPY

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VAG K+CAN\UPDATE DO VAG COMMANDER\FTChipID.dll",#1
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VAG K+CAN\UPDATE DO VAG COMMANDER\FTChipID.dll",#1
        PID:2524

    Network

    MITRE ATT&CK Matrix
