Overview
overview
10Static
static
374ec3e31d5...85.exe
windows7-x64
774ec3e31d5...85.exe
windows10-2004-x64
10$PLUGINSDI...s.html
windows7-x64
1$PLUGINSDI...s.html
windows10-2004-x64
10$PLUGINSDI...n.html
windows7-x64
1$PLUGINSDI...n.html
windows10-2004-x64
10$PLUGINSDI...l.html
windows7-x64
1$PLUGINSDI...l.html
windows10-2004-x64
10$PLUGINSDI...Ex.dll
windows7-x64
3$PLUGINSDI...Ex.dll
windows10-2004-x64
10$PLUGINSDI...es.dll
windows7-x64
3$PLUGINSDI...es.dll
windows10-2004-x64
10$PLUGINSDI...ss.dll
windows7-x64
1$PLUGINSDI...ss.dll
windows10-2004-x64
10$PLUGINSDI...r.html
windows7-x64
1$PLUGINSDI...r.html
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
10$PLUGINSDI...sh.dll
windows7-x64
3$PLUGINSDI...sh.dll
windows10-2004-x64
10$PLUGINSDI...ui.dll
windows7-x64
3$PLUGINSDI...ui.dll
windows10-2004-x64
10Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25-01-2024 16:02
Static task
static1
Behavioral task
behavioral1
Sample
74ec3e31d593fdc5f2ad2095b12e5a85.exe
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral2
Sample
74ec3e31d593fdc5f2ad2095b12e5a85.exe
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Components.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Components.html
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Confirmation.html
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Confirmation.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
$PLUGINSDIR/Final.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral8
Sample
$PLUGINSDIR/Final.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InetLoadEx.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InetLoadEx.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
$PLUGINSDIR/Processes.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral12
Sample
$PLUGINSDIR/Processes.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
$PLUGINSDIR/Progress.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral14
Sample
$PLUGINSDIR/Progress.dll
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
$PLUGINSDIR/Register.html
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral16
Sample
$PLUGINSDIR/Register.html
Resource
win10v2004-20231215-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
windows7-x64
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
$PLUGINSDIR/blowfish.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral20
Sample
$PLUGINSDIR/blowfish.dll
Resource
win10v2004-20231222-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nswebgui.dll
Resource
win7-20231215-en
windows7-x64
General
-
Target
$PLUGINSDIR/Processes.dll
-
Size
35KB
-
MD5
2cfba79d485cf441c646dd40d82490fc
-
SHA1
83e51ac1115a50986ed456bd18729653018b9619
-
SHA256
86b302fa9c85dfa0c1c03ba000864a928365dab571f3355347dba02da22949b7
-
SHA512
cca186a7f9c5cff3f4eca410fbe8cc13dad2514a7e36aec9b1addfbcb239ace9b9b2d8427771858e3fd11783abce7e24d43c286f98da9f8b17562ca095a4c043
-
SSDEEP
768:uxEiycFoaj/+WSiJfmjvab7L/cUf7IIlMLRF:uxEm7sgfmjy//cgdlM/
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process 1208 1772 WerFault.exe -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2068 wrote to memory of 1772 2068 rundll32.exe 2 PID 2068 wrote to memory of 1772 2068 rundll32.exe 2 PID 2068 wrote to memory of 1772 2068 rundll32.exe 2 PID 2068 wrote to memory of 1772 2068 rundll32.exe 2 PID 2068 wrote to memory of 1772 2068 rundll32.exe 2 PID 2068 wrote to memory of 1772 2068 rundll32.exe 2 PID 2068 wrote to memory of 1772 2068 rundll32.exe 2 PID 1772 wrote to memory of 1208 1772 rundll32.exe 1 PID 1772 wrote to memory of 1208 1772 rundll32.exe 1 PID 1772 wrote to memory of 1208 1772 rundll32.exe 1 PID 1772 wrote to memory of 1208 1772 rundll32.exe 1
Processes
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 2281⤵
- Program crash
PID:1208
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Processes.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1772
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Processes.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2068