Resubmissions

26/02/2024, 07:27

240226-jabb1sge2s 10

23/02/2024, 05:04

240223-fqsdpabe3z 6

Analysis

  • max time kernel
    122s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    23/02/2024, 05:04

General

  • Target

    npp.8.6.3.portable.x64/updater/libcurl.dll

  • Size

    728KB

  • MD5

    2d031d5f3a4e10a94b1c8297d269e2c8

  • SHA1

    dda72a32b31883ea021311a986a7166d2239cba6

  • SHA256

    afce00c928629a699b2c253f4536e23350098fa1318275fad0677c5e8b09f0b5

  • SHA512

    b18bbf6741a0149c9fc2ec6d9a7a3e684ec5bcce4ca9cb559dbac1c6fe853a4fa2d5eec3e9b9ba46fd8658be726e95a33205764fa4eb7e24060d4aae6ca11557

  • SSDEEP

    12288:GvnFnd1uk7byyzwn5l2rsc2QwEBhdoqyTvl0cWmlqhKyMv:GVekCoa5l2P2B6hdQvl03msMy

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\npp.8.6.3.portable.x64\updater\libcurl.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2460
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2460 -s 116
      2⤵
        PID:2720

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads