Analysis
- max time kernel: 122s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 16:15
Tasks
- static1 (static task): drdivx2-2.0.1-b3.exe
- behavioral1: drdivx2-2.0.1-b3.exe, resource win7-20231215-en
- behavioral2: drdivx2-2.0.1-b3.exe, resource win10v2004-20231215-en
- behavioral3: $PLUGINSDIR/InstallOptions.dll, resource win7-20231215-en
- behavioral4: $PLUGINSDIR/InstallOptions.dll, resource win10v2004-20231215-en
- behavioral5: $PLUGINSDIR/NSISdl.dll, resource win7-20231129-en
- behavioral6: $PLUGINSDIR/NSISdl.dll, resource win10v2004-20231215-en
- behavioral7: $PLUGINSDIR/System.dll, resource win7-20231215-en
- behavioral8: $PLUGINSDIR/System.dll, resource win10v2004-20231222-en
- behavioral9: $R0.dll, resource win7-20231215-en
- behavioral10: $R0.dll, resource win10v2004-20231222-en
- behavioral11: 安装说明.url, resource win7-20231215-en
General
- Target: $PLUGINSDIR/System.dll
- Size: 10KB
- MD5: d4d09da0218ba046a66a294f0cca9dfe
- SHA1: 417b1acdeb0a4de6ac752a93080ca5b9164eb44b
- SHA256: 9090e47d239aa1da9598a483861165e0153c01ad9ff9d65cb6c0f4497a1da5b3
- SHA512: 3bc9a65842301dab56c139cc5a3457158d37ef294583728c93da1e11ae457df9551b0f8fbd03d5ea3058f3bc794d0ede57ea3efd5d663b45d25647a39cd955bf
- SSDEEP: 192:/OSsJI/rqmIDNLU0dq51EgAiNbubv6nLZ:pHQQ0d01Egbq76n
Malware Config
Signatures
- Program crash (1 IoC)
  Process: WerFault.exe
  - pid 2104 (WerFault.exe), target pid 2220 (rundll32.exe)
- Suspicious use of WriteProcessMemory (11 IoCs)
  Processes: rundll32.exe, rundll32.exe
  - PID 3060 (rundll32.exe) wrote to memory of 2220 (rundll32.exe): 7 events
  - PID 2220 (rundll32.exe) wrote to memory of 2104 (WerFault.exe): 4 events
Processes
- C:\Windows\system32\rundll32.exe (PID 3060)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (PID 2220)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    Signatures: Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\WerFault.exe (PID 2104)
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 228
      Signatures: Program crash
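Both signatures in this report should be read against the process tree before they are treated as injection or tampering. Every one of the eleven WriteProcessMemory events is a parent writing into a child it has just created: the 64-bit rundll32.exe (PID 3060) spawns the SysWOW64 rundll32.exe (PID 2220) because the DLL it was handed is 32-bit, and that second rundll32 spawns WerFault.exe (PID 2104) with `-p 2220`, i.e. the crash reporter for itself. Parent-to-child writes are routinely observed during process start-up, which is why sandboxes count them. The script below is an added example, not part of the Triage report: it parses the flattened IoC lines exactly as they appear above, correlates each write with the recorded parent/child relationships, and labels it. The process table and the IoC lines are transcribed from this page; the verdict strings are the example's own.

```python
import re
from collections import Counter

# Process tree as recorded in the report: pid -> (image path, parent pid, command line).
# The three processes and their PIDs are transcribed from the Processes section above.
PROCESSES = {
    3060: (r"C:\Windows\system32\rundll32.exe", None,
           r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1"),
    2220: (r"C:\Windows\SysWOW64\rundll32.exe", 3060,
           r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1"),
    2104: (r"C:\Windows\SysWOW64\WerFault.exe", 2220,
           r"C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 228"),
}

# The eleven "Suspicious use of WriteProcessMemory" IoC lines, as flattened on the page.
IOC_LINES = (
    ["PID 3060 wrote to memory of 2220 3060 rundll32.exe rundll32.exe"] * 7
    + ["PID 2220 wrote to memory of 2104 2220 rundll32.exe WerFault.exe"] * 4
)

# Layout of one line: "PID <src> wrote to memory of <dst> <src again> <src image> <dst image>"
IOC_RE = re.compile(r"PID (\d+) wrote to memory of (\d+) \d+ (\S+) (\S+)")


def parse_iocs(lines):
    """Collapse repeated IoC lines into (src_pid, dst_pid, src_image, dst_image) -> count."""
    events = Counter()
    for line in lines:
        m = IOC_RE.fullmatch(line.strip())
        if m is None:
            raise ValueError(f"unrecognised IoC line: {line!r}")
        src, dst, src_img, dst_img = m.groups()
        events[(int(src), int(dst), src_img, dst_img)] += 1
    return events


def classify(event, processes):
    """Explain one cross-process write using the recorded process tree."""
    src, dst, _src_img, _dst_img = event
    if src not in processes or dst not in processes:
        return "unknown process: cannot correlate"
    dst_path, dst_parent, dst_cmd = processes[dst]
    src_path = processes[src][0]
    if dst_parent != src:
        # Writing into a process the writer did not create is the pattern worth alerting on.
        return "suspicious: write into a process the writer did not create"
    dst_name = dst_path.rsplit("\\", 1)[-1].lower()
    if dst_name == "werfault.exe" and f"-p {src}" in dst_cmd:
        # WerFault was launched to report the writer's own crash (-p <crashing pid>).
        return "expected: crash reporter spawned for the writer itself"
    if (dst_name == "rundll32.exe"
            and "\\system32\\" in src_path.lower()
            and "\\syswow64\\" in dst_path.lower()):
        # 64-bit rundll32 hands a 32-bit DLL to the SysWOW64 rundll32 it spawns.
        return "expected: 64-bit rundll32 relaunching 32-bit rundll32"
    # Parent-to-child writes need a closer look only when neither pattern applies.
    return "review: parent wrote into its own child (possible hollowing or injection)"


def triage(lines, processes):
    """Return [(event, count, verdict)] for the report's IoC lines, sorted by pid pair."""
    events = parse_iocs(lines)
    return [(ev, n, classify(ev, processes)) for ev, n in sorted(events.items())]


if __name__ == "__main__":
    for (src, dst, src_img, dst_img), n, verdict in triage(IOC_LINES, PROCESSES):
        print(f"{src} {src_img} -> {dst} {dst_img}  x{n}: {verdict}")
```

Run against the lines above, both write pairs come back as "expected"; a write from 3060 straight into 2104, which the tree does not support, would be flagged as suspicious. The same correlation applies to any Triage report where WriteProcessMemory fires on an installer or on rundll32: the question is not whether a write happened but whether the target is a child the writer just created.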