Overview
overview
9Static
static
9Awesomium.dll
windows11-21h2-x64
3AwesomiumProcess.exe
windows11-21h2-x64
1Core.dll
windows11-21h2-x64
1D3DDrv.dll
windows11-21h2-x64
1D3DX9_40.dll
windows11-21h2-x64
3DSETUP.dll
windows11-21h2-x64
7Engine.dll
windows11-21h2-x64
1Fire.dll
windows11-21h2-x64
1L2.exe
windows11-21h2-x64
7clmods.dll
windows11-21h2-x64
5en-US.dll
windows11-21h2-x64
1l2.exe
windows11-21h2-x64
7Analysis
-
max time kernel
443s -
max time network
451s -
platform
windows11-21h2_x64 -
resource
win11-20231222-en -
resource tags
arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system -
submitted
06-02-2024 00:08
Behavioral task
behavioral1
Sample
Awesomium.dll
Resource
win11-20231222-en
Behavioral task
behavioral2
Sample
AwesomiumProcess.exe
Resource
win11-20231222-en
Behavioral task
behavioral3
Sample
Core.dll
Resource
win11-20231215-en
Behavioral task
behavioral4
Sample
D3DDrv.dll
Resource
win11-20231222-en
Behavioral task
behavioral5
Sample
D3DX9_40.dll
Resource
win11-20231215-en
Behavioral task
behavioral6
Sample
DSETUP.dll
Resource
win11-20231222-en
Behavioral task
behavioral7
Sample
Engine.dll
Resource
win11-20231222-en
Behavioral task
behavioral8
Sample
Fire.dll
Resource
win11-20231215-en
Behavioral task
behavioral9
Sample
L2.exe
Resource
win11-20231215-en
Behavioral task
behavioral10
Sample
clmods.dll
Resource
win11-20231215-en
Behavioral task
behavioral11
Sample
en-US.dll
Resource
win11-20231222-en
Behavioral task
behavioral12
Sample
l2.exe
Resource
win11-20231222-en
General
-
Target
Awesomium.dll
-
Size
20.4MB
-
MD5
b86a78256b8632cde4993321b31011aa
-
SHA1
aaa03e1a11d13e2d3e66398ed171bf9f67a08cbb
-
SHA256
ffc70911b66bf551e9c72163d45313ead78ff4b2ff2f31fc2bd63377f3a111d2
-
SHA512
7552a2e276b55e19b1ea8b9363f8071ce6dfa2f557be8fec5d0ccd079d4d6463eeeb6ff49ed53a885f4c7cb6624f5391ffaaf271057e4210447508c320a6d34e
-
SSDEEP
196608:k1WOChW71u6FkIX7c+TdVRY/JOO9RK40fCDLrZqdUszxjeVWvHi5rQJI:k1mk1l7c+TL+G2/ZKzsVWvWcI
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1364 2360 WerFault.exe rundll32.exe -
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
rundll32.exedescription ioc process Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz rundll32.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 2056 wrote to memory of 2360 2056 rundll32.exe rundll32.exe PID 2056 wrote to memory of 2360 2056 rundll32.exe rundll32.exe PID 2056 wrote to memory of 2360 2056 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Awesomium.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2056 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Awesomium.dll,#12⤵
- Checks processor information in registry
PID:2360 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 6083⤵
- Program crash
PID:1364
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 2360 -ip 23601⤵PID:1532