Overview
overview
10Static
static
3b09c72bf64...57.exe
windows7-x64
10b09c72bf64...57.exe
windows10-2004-x64
10$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows7-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3Graastener...de.app
macos-10.15-amd64
1Analysis
-
max time kernel
136s -
max time network
161s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
06-02-2024 14:23
Static task
static1
Behavioral task
behavioral1
Sample
b09c72bf641ac0a02873bc9621c4985b6f9d08f41de614e33b79b91bf1f6c857.exe
Resource
win7-20231129-en
Behavioral task
behavioral2
Sample
b09c72bf641ac0a02873bc9621c4985b6f9d08f41de614e33b79b91bf1f6c857.exe
Resource
win10v2004-20231215-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20231215-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20231215-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20231222-en
Behavioral task
behavioral9
Sample
Graastener/megapode.app
Resource
macos-20231201-en
General
-
Target
$PLUGINSDIR/nsDialogs.dll
-
Size
9KB
-
MD5
42b064366f780c1f298fa3cb3aeae260
-
SHA1
5b0349db73c43f35227b252b9aa6555f5ede9015
-
SHA256
c13104552b8b553159f50f6e2ca45114493397a6fa4bf2cbb960c4a2bbd349ab
-
SHA512
50d8f4f7a3ff45d5854741e7c4153fa13ee1093bafbe9c2adc60712ed2fb505c9688dd420d75aaea1b696da46b6beccc232e41388bc2a16b1f9eea1832df1cd7
-
SSDEEP
192:o68cSzvTyl4tgi8pPjQM0PuAg0YNyoIFtSP:LBSzm+t18pZ0WAg0RoIFg
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2824 4932 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 3172 wrote to memory of 4932 3172 rundll32.exe rundll32.exe PID 3172 wrote to memory of 4932 3172 rundll32.exe rundll32.exe PID 3172 wrote to memory of 4932 3172 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3172 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsDialogs.dll,#12⤵PID:4932
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 6363⤵
- Program crash
PID:2824
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4932 -ip 49321⤵PID:1656