Overview

overview

10

Static

static

10

ScanGuard_Setup.exe

windows11-21h2-x64

8

netstandard.dll

windows11-21h2-x64

1

nfapi.dll

windows11-21h2-x64

1

nfregdrv.exe

windows11-21h2-x64

1

ovpn/libcr..._1.dll

windows11-21h2-x64

3

ovpn/liblzo2-2.dll

windows11-21h2-x64

3

ovpn/libpk...-1.dll

windows11-21h2-x64

3

ovpn/libssl-1_1.dll

windows11-21h2-x64

1

ovpn/opens...e .txt

windows11-21h2-x64

3

ovpn/openv...se.txt

windows11-21h2-x64

3

ovpn/openvpn.exe

windows11-21h2-x64

1

ovpn/openvpn_down.bat

windows11-21h2-x64

1

ovpn/openvpn_up.bat

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

protected_...am.sys

windows11-21h2-x64

1

pwm.dll

windows11-21h2-x64

1

securityservice.cat

windows11-21h2-x64

8

sni.dll

windows11-21h2-x64

1

ucrtbase.dll

windows11-21h2-x64

1

uninst.exe.nsis

windows11-21h2-x64

3

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/tdi...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

urldrv/wfp...er.sys

windows11-21h2-x64

1

vcruntime140_cor3.dll

windows11-21h2-x64

3

wpfgfx_cor3.dll

windows11-21h2-x64

1

wscf.exe

windows11-21h2-x64

1

x86/update.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    80s
  • max time network
    95s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231222-en
  • resource tags

    arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    13-01-2024 04:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ovpn/libpkcs11-helper-1.dll

  • Size

    123KB

  • MD5

    5e12d4d264ba957604e80ebbb436c61b

  • SHA1

    50ad9a622518989a80355d226b77c5c57aecba64

  • SHA256

    6f0e5fbeec6474e0cc2bd0536aed3ff47fef4588fe28625ce2b3eaacb5f0dead

  • SHA512

    e4dbb5e094b48bb47a30dc5782b9a5b58dd039c626922cc7884c00f2bc24ae4c457b11e2889ff373cc592c47daf1511ca4ab10a6f26f7f2f745efd9e64a5f002

  • SSDEEP

    3072:tACv01QslFoJiU4ixhvt5hTQQU7kVTAHluobjrf1Evu5g8V:tPv01rI3t5hTQQU7kVTAHluobjrf1Evu

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ovpn\libpkcs11-helper-1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3608
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ovpn\libpkcs11-helper-1.dll,#1
      2⤵
        PID:2440
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 492
          3⤵
          • Program crash
          PID:2284
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2440 -ip 2440
      1⤵
        PID:2596

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2440-0-0x0000000074DD0000-0x000000007508E000-memory.dmp

        Filesize

        2.7MB

        Download

      • memory/2440-1-0x0000000075090000-0x00000000750B3000-memory.dmp

        Filesize

        140KB

        Download

      • memory/2440-2-0x0000000074DD0000-0x000000007508E000-memory.dmp

        Filesize

        2.7MB

        Download