Overview
overview
7Static
static
374141beea5...15.exe
windows7-x64
774141beea5...15.exe
windows10-2004-x64
7$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows7-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...dl.dll
windows7-x64
3$PLUGINSDI...dl.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDIR/UAC.dll
windows7-x64
3$PLUGINSDIR/UAC.dll
windows10-2004-x64
3$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3$PLUGINSDI...nz.dll
windows7-x64
3$PLUGINSDI...nz.dll
windows10-2004-x64
3Analysis
-
max time kernel
118s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25/01/2024, 07:25 UTC
Static task
static1
Behavioral task
behavioral1
Sample
74141beea58737c34608f53ad1b2ca15.exe
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral2
Sample
74141beea58737c34608f53ad1b2ca15.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/NSISdl.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/UAC.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/UAC.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/linker.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/linker.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsisunz.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral22
Sample
$PLUGINSDIR/nsisunz.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
General
-
Target
$PLUGINSDIR/FindProcDLL.dll
-
Size
31KB
-
MD5
83cd62eab980e3d64c131799608c8371
-
SHA1
5b57a6842a154997e31fab573c5754b358f5dd1c
-
SHA256
a6122e80f1c51dc72770b4f56c7c482f7a9571143fbf83b19c4d141d0cb19294
-
SHA512
91cfbcc125600ec341f5571dcf1e4a814cf7673f82cf42f32155bd54791bbf32619f2bb14ae871d7996e9ddecdfcc5db40caa0979d6dfba3e73cfe8e69c163c9
-
SSDEEP
384:1NWlNdqdAnhTKMLE2oIM05fnqCiWg3Yy9kflIinokN:1NWtqdihTKCldkYwkdpnoy
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2980 2556 WerFault.exe 28 -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2092 wrote to memory of 2556 2092 rundll32.exe 28 PID 2092 wrote to memory of 2556 2092 rundll32.exe 28 PID 2092 wrote to memory of 2556 2092 rundll32.exe 28 PID 2092 wrote to memory of 2556 2092 rundll32.exe 28 PID 2092 wrote to memory of 2556 2092 rundll32.exe 28 PID 2092 wrote to memory of 2556 2092 rundll32.exe 28 PID 2092 wrote to memory of 2556 2092 rundll32.exe 28 PID 2556 wrote to memory of 2980 2556 rundll32.exe 29 PID 2556 wrote to memory of 2980 2556 rundll32.exe 29 PID 2556 wrote to memory of 2980 2556 rundll32.exe 29 PID 2556 wrote to memory of 2980 2556 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\FindProcDLL.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2092 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\FindProcDLL.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2556 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 2283⤵
- Program crash
PID:2980
-
-