Overview

overview

3

Static

static

3

r128gain-0...54.dll

windows7-x64

3

r128gain-0...54.dll

windows10-2004-x64

3

r128gain-0...53.dll

windows7-x64

1

r128gain-0...53.dll

windows10-2004-x64

1

r128gain-0...-2.dll

windows7-x64

1

r128gain-0...-2.dll

windows10-2004-x64

1

r128gain-0...54.dll

windows7-x64

3

r128gain-0...54.dll

windows10-2004-x64

3

r128gain-0...51.dll

windows7-x64

1

r128gain-0...51.dll

windows10-2004-x64

1

r128gain-0...x.html

windows7-x64

1

r128gain-0...x.html

windows10-2004-x64

1

r128gain-0...eg.exe

windows7-x64

1

r128gain-0...eg.exe

windows10-2004-x64

1

r128gain-0...in.dll

windows7-x64

1

r128gain-0...in.dll

windows10-2004-x64

1

r128gain-0...rl.dll

windows7-x64

1

r128gain-0...rl.dll

windows10-2004-x64

1

r128gain-0...ox.dll

windows7-x64

1

r128gain-0...ox.dll

windows10-2004-x64

1

r128gain-0...52.dll

windows7-x64

1

r128gain-0...52.dll

windows10-2004-x64

1

r128gain-0...ox.exe

windows7-x64

1

r128gain-0...ox.exe

windows10-2004-x64

1

r128gain-0...-0.dll

windows7-x64

1

r128gain-0...-0.dll

windows10-2004-x64

1

r128gain-0...-2.dll

windows7-x64

3

r128gain-0...-2.dll

windows10-2004-x64

1

r128gain-0...in.exe

windows7-x64

1

r128gain-0...in.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-12-2023 12:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    r128gain-0.9.7-2/r128gain-tools/avformat-54.dll

  • Size

    369KB

  • MD5

    9aea77f6df373efd859ebdb4d4fe736a

  • SHA1

    9f6e029ad7849164f4995bfbae0cd3284eadeedb

  • SHA256

    a1f160c40e8121ef55de23633480b99be6558ff904c363f52685114f6465d035

  • SHA512

    9cdc48d3f88b1e3faac7dac82ee0a8a3979885d7821da56febf2788bd8cf246b13175ccaa834d32513b4d4dfb9cd52a08b5e5524d79363e267ca42e141813139

  • SSDEEP

    6144:eKCGbd6I6LnSU2oxvDIgRokY/r8Oe0mgOsieIzwxOO9JOc9fVMWWtMks9RFUfFjD:GWYI6TSMxvcgWkYz8OROvwrOcDjWtMkx

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\r128gain-0.9.7-2\r128gain-tools\avformat-54.dll,#1
    1⤵
      PID:3128
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 616
        2⤵
        • Program crash
        PID:4288
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\r128gain-0.9.7-2\r128gain-tools\avformat-54.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:1532
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3128 -ip 3128
      1⤵
        PID:3964

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/3128-0-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-3-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-6-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-9-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-12-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-15-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-17-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-19-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-20-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-18-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-16-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-23-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-25-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-28-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-30-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-32-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-27-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-35-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-37-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-34-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-41-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-39-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-43-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-45-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-46-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-47-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-48-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-50-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-52-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-53-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-44-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-55-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-58-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-60-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-61-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-64-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-65-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-63-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-69-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-70-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-71-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-73-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-77-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-80-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-82-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-85-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-87-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-86-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-83-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-93-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-95-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-99-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-101-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-105-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-108-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-110-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-115-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-117-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-123-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-126-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-125-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-121-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-119-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-113-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-103-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-97-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-84-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-78-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-75-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-76-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-74-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-72-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-67-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-68-0x0000000069900000-0x0000000069962000-memory.dmp

        Filesize

        392KB

        Download

      • memory/3128-62-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-56-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-22-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-14-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-11-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-8-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-5-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download

      • memory/3128-2-0x000000006A0C0000-0x000000006A569000-memory.dmp

        Filesize

        4.7MB

        Download