98b1f7d945aa0eb697c78ae79b85216d44351ca86d1086458543dca48efa5666

Submit
Reports

Overview

overview

Static

static

VAG K+CAN/...st.exe

windows7-x64

VAG K+CAN/...st.exe

windows10-2004-x64

VAG K+CAN/...UI.dll

windows7-x64

VAG K+CAN/...UI.dll

windows10-2004-x64

VAG K+CAN/...XX.dll

windows7-x64

VAG K+CAN/...XX.dll

windows10-2004-x64

VAG K+CAN/...US.sys

windows7-x64

VAG K+CAN/...US.sys

windows10-2004-x64

VAG K+CAN/...IN.exe

windows7-x64

VAG K+CAN/...IN.exe

windows10-2004-x64

VAG K+CAN/...ng.dll

windows7-x64

VAG K+CAN/...ng.dll

windows10-2004-x64

VAG K+CAN/...co.dll

windows7-x64

VAG K+CAN/...co.dll

windows10-2004-x64

VAG K+CAN/...2k.sys

windows7-x64

VAG K+CAN/...2k.sys

windows10-2004-x64

VAG K+CAN/...i2.dll

windows7-x64

VAG K+CAN/...i2.dll

windows10-2004-x64

VAG K+CAN/...ID.dll

windows7-x64

VAG K+CAN/...ID.dll

windows10-2004-x64

VAG K+CAN/...om.pkg

macos-10.15-amd64

VAG K+CAN/...er.exe

windows7-x64

VAG K+CAN/...er.exe

windows10-2004-x64

VAG K+CAN/...st.exe

windows7-x64

VAG K+CAN/...st.exe

windows10-2004-x64

VAG K+CAN/...UI.dll

windows7-x64

VAG K+CAN/...UI.dll

windows10-2004-x64

VAG K+CAN/...XX.dll

windows7-x64

VAG K+CAN/...XX.dll

windows10-2004-x64

VAG K+CAN/...US.sys

windows7-x64

VAG K+CAN/...US.sys

windows10-2004-x64

VAG K+CAN/...IN.exe

windows7-x64

Analysis

max time kernel
248s
max time network
318s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 14:26

Sharing

Copy URL

Twitter E-mail

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/DPInst.exe

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/DPInst.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral3

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTBUSUI.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTBUSUI.dll

Resource

win10v2004-20231020-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTD2XX.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral6

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTD2XX.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral7

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTDIBUS.sys

Resource

win7-20231023-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTDIBUS.sys

Resource

win10v2004-20231020-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTDIUNIN.exe

Resource

win7-20231020-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral10

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTDIUNIN.exe

Resource

win10v2004-20231020-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTLang.dll

Resource

win7-20231025-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral12

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/FTLang.dll

Resource

win10v2004-20231025-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral13

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftcserco.dll

Resource

win7-20231025-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral14

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftcserco.dll

Resource

win10v2004-20231020-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral15

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftser2k.sys

Resource

win7-20231020-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftser2k.sys

Resource

win10v2004-20231020-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftserui2.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral18

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/CDM_Setup/ftserui2.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral19

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/FTChipID.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral20

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/FTChipID.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/rom.pkg

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/updater.exe

Resource

win7-20231020-en

evasion trojan

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral23

Sample

VAG K+CAN/UPDATE DO VAG COMMANDER/updater.exe

Resource

win10v2004-20231020-en

evasion trojan

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral24

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/DPInst.exe

Resource

win7-20231020-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral25

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/DPInst.exe

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral26

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTBUSUI.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTBUSUI.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral28

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTD2XX.dll

Resource

win7-20231023-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral29

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTD2XX.dll

Resource

win10v2004-20231023-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral30

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTDIBUS.sys

Resource

win7-20231020-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTDIBUS.sys

Resource

win10v2004-20231023-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

VAG K+CAN/VAG K+CAN V3.6/CDM_Setup/FTDIUNIN.exe

Resource

win7-20231025-en

windows7-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

VAG K+CAN/UPDATE DO VAG COMMANDER/FTChipID.dll
Size

60KB
MD5

db2e9f3c2f704cd41bdbfcfb47b81108
SHA1

49e9192aefee6080c3795a8df592425e6351f56c
SHA256

d63d9ec2f0557184aba3d4156d755767cd234fc4b108f4209abbf28c064936c6
SHA512

203df4ab2c065923f6ae3f101d8046f300506e77c74a4864eaceca47e427928ab31da37374794efd24b475e8cca4abba8baed768860715076f2a708c2c7c9493
SSDEEP

768:dz3YNDu99o//FteFa13DLkTYajaIcydcqgqOigvjOcoVmoVg6oZJxzYj:dj4pFLkTYaldcqgqjgbamqoZPY

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2524	2504	rundll32.exe	27
PID 2504 wrote to memory of 2524	2504	rundll32.exe	27
PID 2504 wrote to memory of 2524	2504	rundll32.exe	27
PID 2504 wrote to memory of 2524	2504	rundll32.exe	27
PID 2504 wrote to memory of 2524	2504	rundll32.exe	27
PID 2504 wrote to memory of 2524	2504	rundll32.exe	27
PID 2504 wrote to memory of 2524	2504	rundll32.exe	27

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VAG K+CAN\UPDATE DO VAG COMMANDER\FTChipID.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\VAG K+CAN\UPDATE DO VAG COMMANDER\FTChipID.dll",#1
  2⤵
  PID:2524

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads