Overview
overview
3Static
static
3�...ad.dll
windows7-x64
1�...ad.dll
windows10-2004-x64
1�...ib.dll
windows7-x64
1�...ib.dll
windows10-2004-x64
1�...ui.dll
windows7-x64
1�...ui.dll
windows10-2004-x64
1�...nv.dll
windows7-x64
1�...nv.dll
windows10-2004-x64
1�...ln.dll
windows7-x64
1�...ln.dll
windows10-2004-x64
1�...p3.dll
windows7-x64
1�...p3.dll
windows10-2004-x64
3�...ec.dll
windows7-x64
1�...ec.dll
windows10-2004-x64
1�...��.exe
windows7-x64
1�...��.exe
windows10-2004-x64
1Analysis
-
max time kernel
138s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
23-03-2024 12:59
Behavioral task
behavioral1
Sample
DJ/EThread.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
DJ/EThread.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral3
Sample
DJ/downlib.dll
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
DJ/downlib.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral5
Sample
DJ/exui.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
DJ/exui.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
DJ/iconv.dll
Resource
win7-20240220-en
Behavioral task
behavioral8
Sample
DJ/iconv.dll
Resource
win10v2004-20231215-en
Behavioral task
behavioral9
Sample
DJ/krnln.dll
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
DJ/krnln.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral11
Sample
DJ/mp3.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
DJ/mp3.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral13
Sample
DJ/spec.dll
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
DJ/spec.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral15
Sample
DJ/DJֺ.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
DJ/DJֺ.exe
Resource
win10v2004-20240319-en
General
-
Target
DJ/mp3.dll
-
Size
184KB
-
MD5
4ea6c6b972965aa0a0f11515ec46ec0c
-
SHA1
114f24efb002d64b93357c718167ba018a00b579
-
SHA256
58e5d6246a0555c2afeeac51ae12ecda459f377e87b92cb4d7a0ddc055abbbca
-
SHA512
3d62dd4101c9211e21f049655a058f093a27f495f9a1cd1095ecbb50e3c75bffd26d1df7b921b1dedbc29bddd6381a720c7e66f377588b5f39b140bed8d4e4a2
-
SSDEEP
3072:XC7rDdCjvp+2YHLwaJ0Kq0o0PC+53fDIwryoCjD7CHNPBlBIiArBaKw4N7ksVe6i:J+9fGoi/biAea7ksVsUm3WgndlAU
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 3460 4464 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 1892 wrote to memory of 4464 1892 rundll32.exe rundll32.exe PID 1892 wrote to memory of 4464 1892 rundll32.exe rundll32.exe PID 1892 wrote to memory of 4464 1892 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\DJ\mp3.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1892 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\DJ\mp3.dll,#12⤵PID:4464
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 6483⤵
- Program crash
PID:3460
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4464 -ip 44641⤵PID:3796
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3252 --field-trial-handle=2588,i,4353937220825226770,7138584070663735671,262144 --variations-seed-version /prefetch:81⤵PID:2688