Overview (score 7)
Static (score 7)
Behavioral tasks (sample, platform, score):
704e6290276...f9.exe  windows7-x64  7
704e6290276...f9.exe  windows10-2004-x64  7
$PLUGINSDI...er.dll  windows7-x64  1
$PLUGINSDI...er.dll  windows10-2004-x64  1
$PLUGINSDI...dl.dll  windows7-x64  3
$PLUGINSDI...dl.dll  windows10-2004-x64  3
$PLUGINSDI...ec.dll  windows7-x64  3
$PLUGINSDI...ec.dll  windows10-2004-x64  3
$PLUGINSDIR/pwgen.dll  windows7-x64  3
$PLUGINSDIR/pwgen.dll  windows10-2004-x64  3
Launcher.exe  windows7-x64  1
Launcher.exe  windows10-2004-x64  1
wget.exe  windows7-x64  7
wget.exe  windows10-2004-x64  7

Analysis
max time kernel: 107s
max time network: 123s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-03-2024 18:12
Behavioral tasks (task: sample, resource):
behavioral1: 04e629027649a7dcf4595df3f4df38427d08d1ce2277b660e662d038b9f92df9.exe, win7-20240221-en
behavioral2: 04e629027649a7dcf4595df3f4df38427d08d1ce2277b660e662d038b9f92df9.exe, win10v2004-20240226-en
behavioral3: $PLUGINSDIR/Banner.dll, win7-20240220-en
behavioral4: $PLUGINSDIR/Banner.dll, win10v2004-20240226-en
behavioral5: $PLUGINSDIR/NSISdl.dll, win7-20240215-en
behavioral6: $PLUGINSDIR/NSISdl.dll, win10v2004-20240226-en
behavioral7: $PLUGINSDIR/nsExec.dll, win7-20240221-en
behavioral8: $PLUGINSDIR/nsExec.dll, win10v2004-20240226-en
behavioral9: $PLUGINSDIR/pwgen.dll, win7-20240221-en
behavioral10: $PLUGINSDIR/pwgen.dll, win10v2004-20231215-en
behavioral11: Launcher.exe, win7-20240220-en
behavioral12: Launcher.exe, win10v2004-20240226-en
behavioral13: wget.exe, win7-20240215-en
behavioral14: wget.exe, win10v2004-20240226-en
General
Target: $PLUGINSDIR/pwgen.dll
Size: 16KB
MD5: a555472395178ac8c733d90928e05017
SHA1: f44b192d66473f01a6540aaec4b6c9ac4c611d35
SHA256: 82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e
SHA512: e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a
SSDEEP: 96:Rb32p/4mp563gfdaDf2GEFd69qI214YgU+dXXDtFCOdd7KPcC+pyTY62l2z252NJ:YCQAED61dpEEN5VifUbw2mDG0
Malware Config
Signatures
Program crash (1 IoC)
Processes (pid, pid_target, process, target process):
2008, 1868, WerFault.exe, rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes (description, pid, process, target process):
PID 5028 wrote to memory of 1868, 5028, rundll32.exe, rundll32.exe
PID 5028 wrote to memory of 1868, 5028, rundll32.exe, rundll32.exe
PID 5028 wrote to memory of 1868, 5028, rundll32.exe, rundll32.exe
Processes (process tree; indentation shows parent/child depth)
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\pwgen.dll,#1
  flagged: Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\pwgen.dll,#1
    C:\Windows\SysWOW64\WerFault.exe
      command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 612
      flagged: Program crash
C:\Windows\SysWOW64\WerFault.exe
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 1868 -ip 1868
Network
MITRE ATT&CK Matrix
Downloads
memory/1868-0-0x0000000010000000-0x0000000010008000-memory.dmp (Filesize 32KB)