Overview

overview

10

Static

static

10

Plugins/32...ss.dll

windows11-21h2-x64

1

Plugins/32...in.dll

windows11-21h2-x64

1

Plugins/32...se.dll

windows11-21h2-x64

1

Plugins/32...ns.dll

windows11-21h2-x64

1

Plugins/32...in.dll

windows11-21h2-x64

1

Plugins/32...ng.dll

windows11-21h2-x64

1

Plugins/64...ss.dll

windows11-21h2-x64

1

Plugins/64...in.dll

windows11-21h2-x64

1

Plugins/64...se.dll

windows11-21h2-x64

1

Plugins/64...ns.dll

windows11-21h2-x64

1

Plugins/64...in.dll

windows11-21h2-x64

1

Plugins/64...ng.dll

windows11-21h2-x64

1

Skins/Poly...ay.exe

windows11-21h2-x64

1

Skins/Poly...gin.js

windows11-21h2-x64

1

Skins/Poly...ic.ps1

windows11-21h2-x64

1

Skins/Poly...ic.exe

windows11-21h2-x64

7

Skins/Poly...ss.exe

windows11-21h2-x64

1

Skins/Poly...ll.dll

windows11-21h2-x64

1

Skins/Poly...ns.dll

windows11-21h2-x64

1

Skins/Poly...ck.dll

windows11-21h2-x64

1

Skins/Poly...md.chm

windows11-21h2-x64

1

Skins/Poly...B4.exe

windows11-21h2-x64

1

Skins/Poly...ipt.js

windows11-21h2-x64

1

Skins/Poly...rd.exe

windows11-21h2-x64

1

Skins/Poly...or.exe

windows11-21h2-x64

1

Skins/Poly...er.exe

windows11-21h2-x64

1

Skins/Poly...rt.exe

windows11-21h2-x64

1

Skins/Poly...ns.exe

windows11-21h2-x64

1

Skins/Poly...md.exe

windows11-21h2-x64

9

Skins/Poly...or.dll

windows11-21h2-x64

1

Skins/Poly...ord.js

windows11-21h2-x64

1

Skins/Poly...ord.js

windows11-21h2-x64

1

Analysis

  • max time kernel
    142s
  • max time network
    141s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231128-en
  • resource tags

    arch:x64arch:x86image:win11-20231128-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10/12/2023, 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Plugins/64bit/FrostedGlass.dll

  • Size

    8KB

  • MD5

    e9ca5d71556ea3216976010860f48a1c

  • SHA1

    8c70596aab3d23275a370b4e813f6581cf07195d

  • SHA256

    fcb1af1914bfab600a7596d777b06137db0a514b3d07eb28e10dc08cc7340dc0

  • SHA512

    fab0b142a4b556175067f012c1ae121bd17ef2580181ea2415ef7da7c98c9c4a04a13cb48197600147b00258600d92117e103b67094777337ff63bf55c8ec1e5

  • SSDEEP

    96:DxL5eTe/N8Nrg+w4Ofj1crWC0gLqvZ7OIoPKk6xPhz5noul:DNvYw4kwWCvLqtObPKTPhz5oI

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry 2 TTPs 7 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Plugins\64bit\FrostedGlass.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\dw20.exe
      dw20.exe -x -s 744
      2⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:3760

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4872-0-0x00000241158F0000-0x0000024115900000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4872-1-0x0000024115740000-0x000002411574A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4872-2-0x00007FFDF64B0000-0x00007FFDF6E51000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4872-3-0x00007FFDF64B0000-0x00007FFDF6E51000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/4872-10-0x00007FFDF64B0000-0x00007FFDF6E51000-memory.dmp

    Filesize

    9.6MB

    Download