Overview

overview

10

Static

static

3

7bb922f344...38.exe

windows7-x64

7

7bb922f344...38.exe

windows10-2004-x64

10

$PLUGINSDI...ls.dll

windows7-x64

3

$PLUGINSDI...ls.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

BlendyGameBeta.exe

windows7-x64

1

BlendyGameBeta.exe

windows10-2004-x64

10

LICENSES.c...m.html

windows7-x64

1

LICENSES.c...m.html

windows10-2004-x64

1

d3dcompiler_47.dll

windows10-2004-x64

1

ffmpeg.dll

windows7-x64

1

ffmpeg.dll

windows10-2004-x64

1

libEGL.dll

windows7-x64

1

libEGL.dll

windows10-2004-x64

1

libGLESv2.dll

windows7-x64

1

libGLESv2.dll

windows10-2004-x64

1

resources/elevate.exe

windows7-x64

1

resources/elevate.exe

windows10-2004-x64

1

vk_swiftshader.dll

windows7-x64

1

vk_swiftshader.dll

windows10-2004-x64

1

vulkan-1.dll

windows7-x64

1

vulkan-1.dll

windows10-2004-x64

1

$PLUGINSDI...7z.dll

windows7-x64

3

$PLUGINSDI...7z.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    103s
  • max time network
    204s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/02/2024, 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vulkan-1.dll

  • Size

    931KB

  • MD5

    678f12a18eacfaa12f58dbdc07837715

  • SHA1

    219730f5af17ccf252fb4f3e64ad00f650c693f5

  • SHA256

    af1634ce8221a19dbe09f2713875478cfb12f5bbe5d10763c3c905f608489e49

  • SHA512

    c125f2ca6a7375754512dfdf8e2cd71f8c686fec627cf3006d9093f0c0999004b60cfb3ae025fe2fad6be89346c6e7531b8dee6da9b74a86841fe68c05495036

  • SSDEEP

    24576:lYWOq/4Kt/Ku8n3W7ecbFb6Z5WoDYsHY6g3P0zAk7sH:lY65/M3W7R56Z5WoDYsHY6g3P0zAk7s

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\vulkan-1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:536
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 536 -s 352
      2⤵
        PID:760

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads