Overview
overview
10Static
static
3Finals-Hack-main.exe
windows7-x64
8Finals-Hack-main.exe
windows10-2004-x64
10opengl32.dll
windows7-x64
1opengl32.dll
windows10-2004-x64
1profile/bo...s.html
windows7-x64
1profile/bo...s.html
windows10-2004-x64
1profile/ca...5.html
windows7-x64
1profile/ca...5.html
windows10-2004-x64
1profile/ca...3.html
windows7-x64
1profile/ca...3.html
windows10-2004-x64
10074E7EADB...8F2.js
windows7-x64
10074E7EADB...8F2.js
windows10-2004-x64
100BE7F9DA5...CA7.js
windows7-x64
100BE7F9DA5...CA7.js
windows10-2004-x64
100EE605E0E...8A7.js
windows7-x64
100EE605E0E...8A7.js
windows10-2004-x64
1profile/ca...9AD.js
windows7-x64
1profile/ca...9AD.js
windows10-2004-x64
101F3FC5B94...196.js
windows7-x64
101F3FC5B94...196.js
windows10-2004-x64
1031D7C56C6...D26.js
windows7-x64
1031D7C56C6...D26.js
windows10-2004-x64
1profile/ca...C42.js
windows7-x64
1profile/ca...C42.js
windows10-2004-x64
10453FDBE33...772.js
windows7-x64
10453FDBE33...772.js
windows10-2004-x64
1profile/ca...993.js
windows7-x64
1profile/ca...993.js
windows10-2004-x64
1profile/ca...79A.gz
windows7-x64
3profile/ca...79A.gz
windows10-2004-x64
7profile/ca...415.js
windows7-x64
1profile/ca...415.js
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
10/01/2024, 12:29
Static task
static1
Behavioral task
behavioral1
Sample
Finals-Hack-main.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
Finals-Hack-main.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
opengl32.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
opengl32.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
profile/bookmarks.html
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
profile/bookmarks.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral7
Sample
profile/cache2/doomed/285.html
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
profile/cache2/doomed/285.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
profile/cache2/doomed/5823.html
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
profile/cache2/doomed/5823.html
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
0074E7EADB9AF6975D36F41996674786A91D38F2.js
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
0074E7EADB9AF6975D36F41996674786A91D38F2.js
Resource
win10v2004-20231222-en
Behavioral task
behavioral13
Sample
00BE7F9DA523AB29705009AE318BC8D1EA1A1CA7.js
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
00BE7F9DA523AB29705009AE318BC8D1EA1A1CA7.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral15
Sample
00EE605E0EFE18DE2959AF4F77D0FB4EC68B98A7.js
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
00EE605E0EFE18DE2959AF4F77D0FB4EC68B98A7.js
Resource
win10v2004-20231222-en
Behavioral task
behavioral17
Sample
profile/cache2/entries/010E3AB989ADBA95700DC330B0408A3E24B1B9AD.js
Resource
win7-20231215-en
Behavioral task
behavioral18
Sample
profile/cache2/entries/010E3AB989ADBA95700DC330B0408A3E24B1B9AD.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
01F3FC5B949F3F17401995A81248637154FAA196.js
Resource
win7-20231215-en
Behavioral task
behavioral20
Sample
01F3FC5B949F3F17401995A81248637154FAA196.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral21
Sample
031D7C56C6FB471AE5EF12487A9712C96B2D7D26.js
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
031D7C56C6FB471AE5EF12487A9712C96B2D7D26.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral23
Sample
profile/cache2/entries/045303EF7EAD8BA16789BEC1A684893679CE6C42.js
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
profile/cache2/entries/045303EF7EAD8BA16789BEC1A684893679CE6C42.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
0453FDBE339FFAC08D19DC5A3BAA262994C36772.js
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
0453FDBE339FFAC08D19DC5A3BAA262994C36772.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
profile/cache2/entries/069AB8E0648CD57EE5B643E9F27C19E121B91993.js
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
profile/cache2/entries/069AB8E0648CD57EE5B643E9F27C19E121B91993.js
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
profile/cache2/entries/0762816DDF82FA4D7AF3935CAF9C0FACBF9C379A.gz
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
profile/cache2/entries/0762816DDF82FA4D7AF3935CAF9C0FACBF9C379A.gz
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
profile/cache2/entries/0A1250CA87E7D3AD993AEB6BBDC2690F21099415.js
Resource
win7-20231215-en
Behavioral task
behavioral32
Sample
profile/cache2/entries/0A1250CA87E7D3AD993AEB6BBDC2690F21099415.js
Resource
win10v2004-20231215-en
General
-
Target
opengl32.dll
-
Size
36.0MB
-
MD5
ca1aaaccc6f19ccd74a48eea51c03338
-
SHA1
c0ca48ab85406b6a98761a212c3e5fde92ada7ec
-
SHA256
d109ab0e8f7aa6f00992368b72c9a8aa0cf6d1b1563c3ab1caedbdba9c4476ba
-
SHA512
8bf7382fdc59649a1b44107d4289a8ea898f19c2addb3d5fc87a1c60baa667abac359d084829b552b391456613a0e3273a64d3d2464d780cc1d7d6ef5c204a31
-
SSDEEP
393216:LoT0RoCZueyqN9LB2xmcR+hcoPwdyzjpECaT0UMPbGLsXT4El/uRKgI9v/2OlJ/I:84vb0GmnI9NX0
Malware Config
Signatures
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2872 rundll32.exe -
Suspicious use of SetWindowsHookEx 1 IoCs
pid Process 2872 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2872 wrote to memory of 3012 2872 rundll32.exe 24 PID 2872 wrote to memory of 3012 2872 rundll32.exe 24 PID 2872 wrote to memory of 3012 2872 rundll32.exe 24
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\opengl32.dll,#11⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2872 -s 522⤵PID:3012
-