Analysis

  • max time kernel
    145s
  • max time network
    182s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-02-2024 22:39

General

  • Target

    gmpopenh264.dll

    The file name, and the zip name that appears in the process tree below (openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip), match the OpenH264 Gecko Media Plugin that Firefox downloads from Cisco. The name alone does not establish that this sample is the genuine plugin; compare the hashes below against the plugin's published hash before treating it as benign.

  • Size

    997KB

  • MD5

    fe3355639648c417e8307c6d051e3e37

  • SHA1

    f54602d4b4778da21bc97c7238fc66aa68c8ee34

  • SHA256

    1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

  • SHA512

    8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

  • SSDEEP

    12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x

Score
1/10

Malware Config

Signatures

  • Checks processor information in registry (2 TTPs, 15 IoCs)

    Processor information is often read in order to detect sandboxing environments. In this run the signature is attributed to the three firefox.exe parent processes (PIDs 3156, 532 and 1052) in the process tree, not to the rundll32.exe instance (PID 4896) that loaded gmpopenh264.dll, so on its own it is a weak indicator here.

  • Modifies registry class (1 IoC)
  • Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)
  • Suspicious use of SetWindowsHookEx (21 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

    The remaining five signatures come from OpenWith.exe (PID 4492) and the NOTEPAD.EXE it launched (PID 3836), i.e. an "Open with" dialog opening gmpopenh264.info from the zip, which is consistent with the 1/10 score.
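What the "Checks processor information in registry" signature is looking for, as an added Python example that is not part of this report and not the sandbox's own signature logic. It reads the CentralProcessor key that sandbox-aware samples commonly query (an assumption; the report does not name the exact key or values the flagged processes read) and applies a simple vendor-string heuristic of the kind such samples use. The two value sets are constructed, not taken from this run.

```python
import sys

# Assumed location: the key sandbox-aware samples most commonly read; the
# report does not state which key or values the flagged processes queried.
CPU_KEY = r"HARDWARE\DESCRIPTION\System\CentralProcessor\0"
CPU_VALUES = ("ProcessorNameString", "VendorIdentifier", "Identifier")

# Substrings a sample would treat as evidence of a hypervisor or sandbox guest.
VM_MARKERS = ("qemu", "virtual", "vmware", "kvm", "xen", "hyper-v", "bochs")


def classify_processor_info(values):
    """Apply the sandbox heuristic to {value_name: data} and report which
    values matched which markers. Matching is case-insensitive."""
    hits = {}
    for name, data in values.items():
        lowered = data.lower()
        matched = [marker for marker in VM_MARKERS if marker in lowered]
        if matched:
            hits[name] = matched
    return {"vm_like": bool(hits), "hits": hits}


def read_processor_info():
    """Read the same values from the live registry. Windows only; this read
    is what a sandbox logs as a registry query of the CentralProcessor key."""
    if not sys.platform.startswith("win"):
        raise OSError("live registry read requires Windows")
    import winreg  # stdlib, available on Windows only

    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CPU_KEY) as key:
        for value_name in CPU_VALUES:
            try:
                data, _value_type = winreg.QueryValueEx(key, value_name)
            except FileNotFoundError:
                continue  # value absent on this build; skip it
            if isinstance(data, str):
                values[value_name] = data
    return values


# Constructed sample data (not taken from this report) for two hosts.
SAMPLE_BARE_METAL = {
    "ProcessorNameString": "Intel(R) Core(TM) i7-9750H CPU @ 2.60GHz",
    "VendorIdentifier": "GenuineIntel",
    "Identifier": "Intel64 Family 6 Model 158 Stepping 10",
}
SAMPLE_QEMU_GUEST = {
    "ProcessorNameString": "QEMU Virtual CPU version 2.5+",
    "VendorIdentifier": "GenuineIntel",
    "Identifier": "Intel64 Family 6 Model 6 Stepping 3",
}


def probe(values=None):
    """Classify the given values, or the live host when called with no
    argument on Windows."""
    if values is None:
        values = read_processor_info()
    return classify_processor_info(values)


if __name__ == "__main__":
    for label, sample in (("bare metal", SAMPLE_BARE_METAL),
                          ("qemu guest", SAMPLE_QEMU_GUEST)):
        print(label, probe(sample))
```

classify_processor_info() is pure and runs anywhere; read_processor_info() needs Windows and real registry access. The same key is read for legitimate reasons by ordinary software such as a browser, which is why the signature is weak evidence on its own and why the process it is attributed to matters more than the count of reads.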

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\gmpopenh264.dll,#1
    1⤵
    PID:4896
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Checks processor information in registry
    PID:3156
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Checks processor information in registry
    PID:532
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    1⤵
    • Checks processor information in registry
    PID:1052
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.0.681256591\433592765" -parentBuildID 20221007134813 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {44e825f9-3688-49aa-9124-13404c0cb893} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 1880 19a6adf6558 gpu
    1⤵
    PID:3908
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.1.562992399\257087416" -parentBuildID 20221007134813 -prefsHandle 2252 -prefMapHandle 2248 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {174cc99a-9eda-4a3e-8bb6-675241946bff} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 2272 19a6aafc558 socket
    1⤵
    PID:3788
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.2.1672746484\561133194" -childID 1 -isForBrowser -prefsHandle 3096 -prefMapHandle 2816 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ddd31e3b-eda9-41c0-9a17-a25432bc80a8} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 3024 19a6e640a58 tab
    1⤵
    PID:3996
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.3.1458810308\383397673" -childID 2 -isForBrowser -prefsHandle 1324 -prefMapHandle 1096 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1cdbac9-00e3-437b-b8b6-f3d85926901d} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 2416 19a5e275e58 tab
    1⤵
    PID:3124
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.4.1805678388\1591656522" -childID 3 -isForBrowser -prefsHandle 3776 -prefMapHandle 3772 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {90a2fc3e-439e-471b-b71d-bd0519861327} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 3792 19a5e26a258 tab
    1⤵
    PID:5076
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.6.1139414716\733737674" -childID 5 -isForBrowser -prefsHandle 4936 -prefMapHandle 4932 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a64769b-312c-4201-98b5-71814846797b} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 4956 19a70babe58 tab
    1⤵
    PID:1368
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.5.2092628074\1251446125" -childID 4 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ef2a50-cf86-40dd-8d86-794021a5effa} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 4928 19a6ec47858 tab
    1⤵
    PID:2156
  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4688.7.1399878270\1369614544" -childID 6 -isForBrowser -prefsHandle 5176 -prefMapHandle 5172 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1288 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c1608a79-c6b4-41d1-b3d9-ae35bb52a278} 4688 "\\.\pipe\gecko-crash-server-pipe.4688" 5184 19a70baac58 tab
    1⤵
    PID:2720
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:1852
  • C:\Windows\system32\OpenWith.exe
    C:\Windows\system32\OpenWith.exe -Embedding
    1⤵
    • Modifies registry class
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4492
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\Temp1_openh264-win64-2e1774ab6dc6c43debb0b5b628bdf122a391d521.zip\gmpopenh264.info
      2⤵
      • Suspicious use of FindShellTrayWindow
      PID:3836

    Note: every entry marked 1⤵ is a top-level process; only NOTEPAD.EXE (2⤵) is a child, spawned by OpenWith.exe. The firefox.exe -contentproc children name parent PID 4688 in their --channel and gecko-crash-server-pipe arguments, but no process with that PID appears in the list, so the browser parent that spawned them was not captured in this tree. The rundll32.exe instance that loaded gmpopenh264.dll (PID 4896) has no signature attached to it.

                      Network

                      MITRE ATT&CK Enterprise v15
