Overview

overview

8

Static

static

3

winamp_lat...ll.exe

windows7-x64

8

winamp_lat...ll.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...ch.dll

windows7-x64

3

$PLUGINSDI...ch.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...os.dll

windows7-x64

3

$PLUGINSDI...os.dll

windows10-2004-x64

3

$PLUGINSDI...ip.dll

windows7-x64

3

$PLUGINSDI...ip.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...mp.dll

windows7-x64

3

$PLUGINSDI...mp.dll

windows10-2004-x64

3

$PLUGINSDI...dl.dll

windows7-x64

3

$PLUGINSDI...dl.dll

windows10-2004-x64

3

Components/ssdp.dll

windows7-x64

1

Components/ssdp.dll

windows10-2004-x64

1

Elevator.exe

windows7-x64

1

Elevator.exe

windows10-2004-x64

1

Microsoft....40.dll

windows7-x64

3

Microsoft....40.dll

windows10-2004-x64

3

Microsoft....40.dll

windows7-x64

3

Microsoft....40.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    1565s
  • max time network
    1177s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-03-2024 16:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/execDos.dll

  • Size

    5KB

  • MD5

    0deb397ca1e716bb7b15e1754e52b2ac

  • SHA1

    fbb9bcf872c5dbb4ca4c80fb21d41519bc273ef5

  • SHA256

    720be35cd1b4a333264713dc146b4ad024f3a7ad0644c2d8c6fcedd3c30e8a1f

  • SHA512

    507db0bee0897660750007e7ce674406acf9e8bf942cf26ded5654c07682757b07c9eb767bead0966478abc554dc9a6461c4288dc35d12cacfadad4c128f1bb7

  • SSDEEP

    96:J++xDiP4p7t7dNOt3stxtRFFXxGD6qxlnKE6ttdH3r3:Rx9pJ7jQs5toD6Cln/6tt1

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\execDos.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3280
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\execDos.dll,#1
      2⤵
        PID:1460
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 608
          3⤵
          • Program crash
          PID:4884
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 1460 -ip 1460
      1⤵
        PID:4148
      • C:\Windows\system32\rundll32.exe
        "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
        1⤵
          PID:2560
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k UnistackSvcGroup
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:4164

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
          Filesize

          16KB

          MD5

          2b46e8d7ce84a4103a82826606ce11ea

          SHA1

          4cae40f06aaaa8079800ff0ff910e206e6b3a92d

          SHA256

          86913aaa65f1623bca515f58eba2fdfce867c97b98f1599a0012b817785778ac

          SHA512

          cade6579f8e749b29c7f232834347cc7916b0d086088880b93c371ebbdc089accc8a3cd788545bedb18f4bd32d3c2380217726aa0dc364fe83d59ea20dee3ae8

          Download Submit

        • memory/4164-40-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-33-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-42-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-34-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-35-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-36-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-37-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-38-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-43-0x000001C1CED00000-0x000001C1CED01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-0-0x000001C1C6A40000-0x000001C1C6A50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4164-68-0x000001C1CEF50000-0x000001C1CEF51000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-32-0x000001C1CEFB0000-0x000001C1CEFB1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-39-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-44-0x000001C1CECF0000-0x000001C1CECF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-46-0x000001C1CED00000-0x000001C1CED01000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-49-0x000001C1CECF0000-0x000001C1CECF1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-52-0x000001C1C63F0000-0x000001C1C63F1000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-16-0x000001C1C6B40000-0x000001C1C6B50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4164-64-0x000001C1CEE30000-0x000001C1CEE31000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-66-0x000001C1CEE40000-0x000001C1CEE41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-67-0x000001C1CEE40000-0x000001C1CEE41000-memory.dmp

          Filesize

          4KB

          Download

        • memory/4164-41-0x000001C1CEFE0000-0x000001C1CEFE1000-memory.dmp

          Filesize

          4KB

          Download