Overview

overview

10

Static

static

10

PCProtect_Setup.exe

windows11-21h2-x64

8

mscordbi.dll

windows11-21h2-x64

1

mscorlib.dll

windows11-21h2-x64

1

mscorrc.debug.dll

windows11-21h2-x64

1

mscorrc.dll

windows11-21h2-x64

1

netstandard.dll

windows11-21h2-x64

1

nfapi.dll

windows11-21h2-x64

1

nfregdrv.exe

windows11-21h2-x64

1

ovpn/libcr..._1.dll

windows11-21h2-x64

3

ovpn/liblzo2-2.dll

windows11-21h2-x64

3

ovpn/libpk...-1.dll

windows11-21h2-x64

3

ovpn/libssl-1_1.dll

windows11-21h2-x64

1

ovpn/openvpn.exe

windows11-21h2-x64

1

ovpn/openvpn_down.bat

windows11-21h2-x64

1

ovpn/openvpn_up.bat

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

pwm.dll

windows11-21h2-x64

1

sni.dll

windows11-21h2-x64

1

ucrtbase.dll

windows11-21h2-x64

1

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

vcruntime140_cor3.dll

windows11-21h2-x64

3

wpfgfx_cor3.dll

windows11-21h2-x64

1

wscf.exe

windows11-21h2-x64

1

x86/update.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    146s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-01-2024 04:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nfapi.dll

  • Size

    334KB

  • MD5

    82cf3571fb6b98d3a7a7b5c7c34fdca3

  • SHA1

    9df1dfe570518369d365d21495cf4c50591ff342

  • SHA256

    eb59bd2322dbe8e289c35e304ebc4633d0298890fdbdeade2b35f32bed2e6b06

  • SHA512

    5eebe58cd25bacc861e3ea5c89ec4c470cf6c41dc28f2597190166b3272db419c55ea989a60b2f6e822738e500846f5570d491082ee8dfc4e03924f200bb767d

  • SSDEEP

    3072:/KpHwC6H+AYYYxYYYYYrs/NAWOZFvyfaP710WkYsf+6pu6v3tgHf+dNUxJcGtHF7:/KpHMg61ZFvyfKLkzfrnvGHfDcGtrF

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\nfapi.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\nfapi.dll,#1
      2⤵
        PID:5056

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads