Overview

overview

10

Static

static

10

PCProtect_Setup.exe

windows11-21h2-x64

8

mscordbi.dll

windows11-21h2-x64

1

mscorlib.dll

windows11-21h2-x64

1

mscorrc.debug.dll

windows11-21h2-x64

1

mscorrc.dll

windows11-21h2-x64

1

netstandard.dll

windows11-21h2-x64

1

nfapi.dll

windows11-21h2-x64

1

nfregdrv.exe

windows11-21h2-x64

1

ovpn/libcr..._1.dll

windows11-21h2-x64

3

ovpn/liblzo2-2.dll

windows11-21h2-x64

3

ovpn/libpk...-1.dll

windows11-21h2-x64

3

ovpn/libssl-1_1.dll

windows11-21h2-x64

1

ovpn/openvpn.exe

windows11-21h2-x64

1

ovpn/openvpn_down.bat

windows11-21h2-x64

1

ovpn/openvpn_up.bat

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

pwm.dll

windows11-21h2-x64

1

sni.dll

windows11-21h2-x64

1

ucrtbase.dll

windows11-21h2-x64

1

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

vcruntime140_cor3.dll

windows11-21h2-x64

3

wpfgfx_cor3.dll

windows11-21h2-x64

1

wscf.exe

windows11-21h2-x64

1

x86/update.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    97s
  • max time network
    128s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231222-en
  • resource tags

    arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-01-2024 04:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ovpn/libssl-1_1.dll

  • Size

    924KB

  • MD5

    d6d65e0a4a7706a90e328578251f43ae

  • SHA1

    5a34a15fd21f345b3f6c1876df3503e0050e7428

  • SHA256

    89d49df485a5c33f0ebef4a78f6ceb63e60c08113fe21a911cd2c196bf9393fd

  • SHA512

    2f524f1f9281a643ca3dd657e8136828fbb4c58b259c717bd05ea964379ad814fabd9e47d129ff1866dd92e8d5cadbce38b66c8daf2aba944c57368e7c1d8273

  • SSDEEP

    24576:jN/UGlfUX71WzUoh53Xbj9Vku1UYaN4vlMAUBYSwF/mbsgEKQG7iiHh7xqwg:x/61Wz3534u1UYaWvlMAUuSwF/mbsgpc

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ovpn\libssl-1_1.dll,#1
    1⤵
      PID:4436
    • C:\Windows\system32\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ovpn\libssl-1_1.dll,#1
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2280

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4436-0-0x0000000074EC0000-0x000000007517E000-memory.dmp

      Filesize

      2.7MB

      Download