Analysis

  • max time kernel
    449s
  • max time network
    1173s
  • platform
    windows11-21h2_x64
  • resource
    win11-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win11-20231215-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11/02/2024, 14:41

General

  • Target

    $PLUGINSDIR/LangDLL.dll

  • Size

    17KB

  • MD5

    74de36a674959ad2f77bc276357acacf

  • SHA1

    cdfc0ce5234f06e34c4455d6f86477d47aaa171d

  • SHA256

    a2ded8d505c9f6e3e054cd6806f6043c6b7ee1ded26591a3aeeba419c03d5506

  • SHA512

    564a85296b392dab1b2b72e414ab0b639aab5c2b789de0cbbae6bf67a2248d848cbed7803c008af2968bdcf479ebc961088e46a2c176467a66d7a59c1b600ce9

  • SSDEEP

    384:INrZBV86AQhZSf+VIYiWLrSLsgKRjsPxh8E9VF0NyE3qM:IpZL86Ap/YiWGsjsPxWEeh

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2628
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\LangDLL.dll,#1
      2⤵
        PID:132
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 132 -s 448
          3⤵
          • Program crash
          PID:4936
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 132 -ip 132
      1⤵
        PID:4968

      Network

      MITRE ATT&CK Matrix
