f7a518625499f2be5eaa851982ec10adcc449ffad3854d81a4f1386c6c34df94

Analysis

max time kernel
62s
max time network
84s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 15:03 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

opengl32.dll
Size

36.0MB
MD5

ca1aaaccc6f19ccd74a48eea51c03338
SHA1

c0ca48ab85406b6a98761a212c3e5fde92ada7ec
SHA256

d109ab0e8f7aa6f00992368b72c9a8aa0cf6d1b1563c3ab1caedbdba9c4476ba
SHA512

8bf7382fdc59649a1b44107d4289a8ea898f19c2addb3d5fc87a1c60baa667abac359d084829b552b391456613a0e3273a64d3d2464d780cc1d7d6ef5c204a31
SSDEEP

393216:LoT0RoCZueyqN9LB2xmcR+hcoPwdyzjpECaT0UMPbGLsXT4El/uRKgI9v/2OlJ/I:84vb0GmnI9NX0

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3920	rundll32.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3920	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3920 wrote to memory of 3936	3920	rundll32.exe	37
PID 3920 wrote to memory of 3936	3920	rundll32.exe	37
PID 3920 wrote to memory of 3936	3920	rundll32.exe	37

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\opengl32.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3920
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3920 -s 56
  2⤵
  PID:3936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4084 --field-trial-handle=1300,i,11863090858071501683,1776977532629093433,131072 /prefetch:8
1⤵
PID:3964

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=1600 --field-trial-handle=1300,i,11863090858071501683,1776977532629093433,131072 /prefetch:1
1⤵
PID:4068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1056 --field-trial-handle=1300,i,11863090858071501683,1776977532629093433,131072 /prefetch:8
1⤵
PID:1916

Network

DNS

www.google.com

Remote address:

8.8.8.8:53

Request

www.google.com

IN A

Response

www.google.com

IN A

142.250.200.4
DNS

github.com

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

140.82.121.3
DNS

github.githubassets.com

Remote address:

8.8.8.8:53

Request

github.githubassets.com

IN A

Response

github.githubassets.com

IN A

185.199.108.154

github.githubassets.com

IN A

185.199.109.154

github.githubassets.com

IN A

185.199.110.154

github.githubassets.com

IN A

185.199.111.154
DNS

avatars.githubusercontent.com

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN A

Response

avatars.githubusercontent.com

IN A

185.199.108.133

avatars.githubusercontent.com

IN A

185.199.109.133

avatars.githubusercontent.com

IN A

185.199.110.133

avatars.githubusercontent.com

IN A

185.199.111.133
DNS

avatars.githubusercontent.com

Remote address:

8.8.8.8:53

Request

avatars.githubusercontent.com

IN A
DNS

github-cloud.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A

Response

github-cloud.s3.amazonaws.com

IN CNAME

s3-1-w.amazonaws.com

s3-1-w.amazonaws.com

IN CNAME

s3-w.us-east-1.amazonaws.com

s3-w.us-east-1.amazonaws.com

IN A

54.231.204.65

s3-w.us-east-1.amazonaws.com

IN A

52.216.57.121

s3-w.us-east-1.amazonaws.com

IN A

54.231.202.25

s3-w.us-east-1.amazonaws.com

IN A

3.5.1.17

s3-w.us-east-1.amazonaws.com

IN A

52.216.213.113

s3-w.us-east-1.amazonaws.com

IN A

52.217.85.172

s3-w.us-east-1.amazonaws.com

IN A

3.5.27.172

s3-w.us-east-1.amazonaws.com

IN A

52.216.54.81
DNS

github-cloud.s3.amazonaws.com

Remote address:

8.8.8.8:53

Request

github-cloud.s3.amazonaws.com

IN A
DNS

user-images.githubusercontent.com

Remote address:

8.8.8.8:53

Request

user-images.githubusercontent.com

IN A

Response

user-images.githubusercontent.com

IN A

185.199.111.133

user-images.githubusercontent.com

IN A

185.199.110.133

user-images.githubusercontent.com

IN A

185.199.109.133

user-images.githubusercontent.com

IN A

185.199.108.133
DNS

content-autofill.googleapis.com

Remote address:

8.8.8.8:53

Request

content-autofill.googleapis.com

IN A

Response

content-autofill.googleapis.com

IN A

142.250.187.234

content-autofill.googleapis.com

IN A

172.217.16.234

content-autofill.googleapis.com

IN A

142.250.178.10

content-autofill.googleapis.com

IN A

142.250.200.42

content-autofill.googleapis.com

IN A

142.250.200.10

content-autofill.googleapis.com

IN A

216.58.201.106

content-autofill.googleapis.com

IN A

216.58.204.74

content-autofill.googleapis.com

IN A

216.58.213.10

content-autofill.googleapis.com

IN A

172.217.169.10

content-autofill.googleapis.com

IN A

216.58.212.234

content-autofill.googleapis.com

IN A

172.217.169.74

content-autofill.googleapis.com

IN A

142.250.179.234

content-autofill.googleapis.com

IN A

142.250.180.10

content-autofill.googleapis.com

IN A

142.250.187.202

142.250.200.4:443

www.google.com

52 B
1
142.250.200.4:443

www.google.com

52 B
1
140.82.121.3:443

github.com

tls

3.2kB
52.2kB
32
47
140.82.121.3:443

github.com

tls

1.0kB
3.3kB
10
8
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.9kB
12
11
185.199.108.154:443

github.githubassets.com

tls

1.7kB
5.0kB
13
12
185.199.108.154:443

github.githubassets.com

tls

1.7kB
5.0kB
13
12
185.199.108.154:443

github.githubassets.com

tls

1.7kB
5.0kB
13
12
185.199.108.154:443

github.githubassets.com

tls

1.7kB
6.4kB
13
12
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.9kB
12
11
185.199.108.133:443

avatars.githubusercontent.com

tls

1.0kB
4.8kB
8
8
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

2.1kB
4.6kB
11
8
185.199.108.154:443

github.githubassets.com

tls

2.1kB
4.7kB
12
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
11
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
9
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
9
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
9
185.199.108.154:443

github.githubassets.com

tls

1.2kB
6.0kB
13
9
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
9
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
9
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
11
11
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
12
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
12
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
11
11
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.9kB
12
9
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.8kB
12
12
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
12
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.9kB
12
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
11
11
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
9
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
9
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.7kB
12
9
185.199.108.154:443

github.githubassets.com

tls

1.6kB
4.7kB
11
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
9
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
9
185.199.108.154:443

github.githubassets.com

tls

1.5kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.0kB
4.7kB
10
10
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.8kB
12
12
142.250.187.234:443

content-autofill.googleapis.com

tls

1.8kB
6.9kB
13
14
185.199.108.154:443

github.githubassets.com

tls

1.1kB
4.9kB
11
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
10
185.199.108.154:443

github.githubassets.com

tls

955 B
4.7kB
9
10

8.8.8.8:53

www.google.com

dns

60 B
76 B
1
1

DNS Request

www.google.com

DNS Response

142.250.200.4
142.250.200.4:443

www.google.com

https

7.1kB
65.0kB
65
72
224.0.0.251:5353

204 B
3
8.8.8.8:53

github.com

dns

56 B
72 B
1
1

DNS Request

github.com

DNS Response

140.82.121.3
8.8.8.8:53

github.githubassets.com

dns

69 B
133 B
1
1

DNS Request

github.githubassets.com

DNS Response

185.199.108.154

185.199.109.154

185.199.110.154

185.199.111.154
8.8.8.8:53

avatars.githubusercontent.com

dns

150 B
139 B
2
1

DNS Request

avatars.githubusercontent.com

DNS Request

avatars.githubusercontent.com

DNS Response

185.199.108.133

185.199.109.133

185.199.110.133

185.199.111.133
8.8.8.8:53

github-cloud.s3.amazonaws.com

dns

150 B
253 B
2
1

DNS Request

github-cloud.s3.amazonaws.com

DNS Request

github-cloud.s3.amazonaws.com

DNS Response

54.231.204.65

52.216.57.121

54.231.202.25

3.5.1.17

52.216.213.113

52.217.85.172

3.5.27.172

52.216.54.81
8.8.8.8:53

user-images.githubusercontent.com

dns

79 B
143 B
1
1

DNS Request

user-images.githubusercontent.com

DNS Response

185.199.111.133

185.199.110.133

185.199.109.133

185.199.108.133
8.8.8.8:53

content-autofill.googleapis.com

dns

77 B
301 B
1
1

DNS Request

content-autofill.googleapis.com

DNS Response

142.250.187.234

172.217.16.234

142.250.178.10

142.250.200.42

142.250.200.10

216.58.201.106

216.58.204.74

216.58.213.10

172.217.169.10

216.58.212.234

172.217.169.74

142.250.179.234

142.250.180.10

142.250.187.202

Windows 7 deprecation

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

Loading Replay Monitor...

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.