Overview

overview

7

Static

static

3

eMule0.70a...64.exe

windows10-2004-x64

7

$PLUGINSDI...ol.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

LinkCreator.exe

windows10-2004-x64

1

Uninstall.exe

windows10-2004-x64

7

eMule Light.js

windows10-2004-x64

1

eMule.js

windows10-2004-x64

1

emule.exe

windows10-2004-x64

1

lang/ar_AE.dll

windows10-2004-x64

1

lang/ba_BA.dll

windows10-2004-x64

1

lang/bg_BG.dll

windows10-2004-x64

1

lang/ca_ES.dll

windows10-2004-x64

1

lang/cz_CZ.dll

windows10-2004-x64

1

lang/da_DK.dll

windows10-2004-x64

1

lang/de_DE.dll

windows10-2004-x64

1

lang/el_GR.dll

windows10-2004-x64

1

lang/es_AS.dll

windows10-2004-x64

1

lang/es_ES_T.dll

windows10-2004-x64

1

lang/et_EE.dll

windows10-2004-x64

1

lang/fa_IR.dll

windows10-2004-x64

1

lang/fi_FI.dll

windows10-2004-x64

1

lang/fr_BR.dll

windows10-2004-x64

1

lang/fr_FR.dll

windows10-2004-x64

1

lang/gl_ES.dll

windows10-2004-x64

1

lang/he_IL.dll

windows10-2004-x64

1

lang/hu_HU.dll

windows10-2004-x64

1

lang/it_IT.dll

windows10-2004-x64

1

lang/jp_JP.dll

windows10-2004-x64

1

lang/ko_KR.dll

windows10-2004-x64

1

lang/lt_LT.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    441s
  • max time network
    1176s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-02-2024 10:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/AccessControl.dll

  • Size

    15KB

  • MD5

    d74bb4447af48da081c7d9b499f3a023

  • SHA1

    dadf6e140e6fd8e49a1851cc144bb022e0adb185

  • SHA256

    5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52

  • SHA512

    9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758

  • SSDEEP

    192:0hdGZ2E0hm+Gc7ROMzCPvXWROt086dXHGrEKcDDi0b5ZsgMgiCXyo1Fp01eLLuIt:0hdGZ2E0YWV2908oj21ILud8

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\AccessControl.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\AccessControl.dll,#1
      2⤵
        PID:4448
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 612
          3⤵
          • Program crash
          PID:2968
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 4448 -ip 4448
      1⤵
        PID:4720

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads