Overview
overview
10Static
static
7751fc41438...a5.exe
windows7-x64
7751fc41438...a5.exe
windows10-2004-x64
10$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
10$PLUGINSDI...ig.dll
windows7-x64
3$PLUGINSDI...ig.dll
windows10-2004-x64
10$PLUGINSDI...pt.dll
windows7-x64
3$PLUGINSDI...pt.dll
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
10$PLUGINSDI...fo.dll
windows7-x64
3$PLUGINSDI...fo.dll
windows10-2004-x64
10$PLUGINSDI...or.dll
windows7-x64
3$PLUGINSDI...or.dll
windows10-2004-x64
10$PLUGINSDIR/inetc.dll
windows7-x64
3$PLUGINSDIR/inetc.dll
windows10-2004-x64
10$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
10$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
10$PLUGINSDI...ON.dll
windows7-x64
7$PLUGINSDI...ON.dll
windows10-2004-x64
10$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
10CouponTime...ll.exe
windows7-x64
7CouponTime...ll.exe
windows10-2004-x64
10$PLUGINSDI...os.dll
windows7-x64
3$PLUGINSDI...os.dll
windows10-2004-x64
10$PLUGINSDI...pt.dll
windows7-x64
3$PLUGINSDI...pt.dll
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
10Analysis
-
max time kernel
119s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25-01-2024 17:43
Behavioral task
behavioral1
Sample
751fc41438a3262b41446648a57e4da5.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
751fc41438a3262b41446648a57e4da5.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20231215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/IpConfig.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/NSISEncrypt.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/NSISEncrypt.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231215-en
Behavioral task
behavioral10
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral11
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win7-20231129-en
Behavioral task
behavioral12
Sample
$PLUGINSDIR/UserInfo.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral13
Sample
$PLUGINSDIR/WmiInspector.dll
Resource
win7-20231215-en
Behavioral task
behavioral14
Sample
$PLUGINSDIR/WmiInspector.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral15
Sample
$PLUGINSDIR/inetc.dll
Resource
win7-20231215-en
Behavioral task
behavioral16
Sample
$PLUGINSDIR/inetc.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral17
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral19
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20231129-en
Behavioral task
behavioral20
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral21
Sample
$PLUGINSDIR/nsJSON.dll
Resource
win7-20231215-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/nsJSON.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20231215-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral25
Sample
CouponTimeUninstall.exe
Resource
win7-20231215-en
Behavioral task
behavioral26
Sample
CouponTimeUninstall.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral27
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win7-20231215-en
Behavioral task
behavioral28
Sample
$PLUGINSDIR/ExecDos.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral29
Sample
$PLUGINSDIR/NSISEncrypt.dll
Resource
win7-20231215-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/NSISEncrypt.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
General
-
Target
$PLUGINSDIR/ExecDos.dll
-
Size
5KB
-
MD5
ebcf9f71d804abab3c2e5ce4c17dc22e
-
SHA1
17d13084e75cbfa5fbfdd0025e9a0ee5772ae765
-
SHA256
d387b725afbd2a6f9b44999278d21025fae55b391e45f7751b88dfb13511a993
-
SHA512
5576396c2d885c039668d7f401eeee583eb4de39e8497c3aaec32d47f4417a522fe6786c111d50a5fba7570f50e84144ef3a8aea42677d170e79114343c3a4a1
-
SSDEEP
48:qNpugCjmWaZ+rnHAUiP9JLw/RHFtly5vorpSpSi7+5HCAx31Oglt6Zlrz9QH96AD:r0W1nHAfPPORHnooAU3xYglt6WwE
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2528 2476 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exerundll32.exedescription pid process target process PID 2064 wrote to memory of 2476 2064 rundll32.exe rundll32.exe PID 2064 wrote to memory of 2476 2064 rundll32.exe rundll32.exe PID 2064 wrote to memory of 2476 2064 rundll32.exe rundll32.exe PID 2064 wrote to memory of 2476 2064 rundll32.exe rundll32.exe PID 2064 wrote to memory of 2476 2064 rundll32.exe rundll32.exe PID 2064 wrote to memory of 2476 2064 rundll32.exe rundll32.exe PID 2064 wrote to memory of 2476 2064 rundll32.exe rundll32.exe PID 2476 wrote to memory of 2528 2476 rundll32.exe WerFault.exe PID 2476 wrote to memory of 2528 2476 rundll32.exe WerFault.exe PID 2476 wrote to memory of 2528 2476 rundll32.exe WerFault.exe PID 2476 wrote to memory of 2528 2476 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ExecDos.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2064 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ExecDos.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2476 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 2243⤵
- Program crash
PID:2528