Overview
overview
10Static
static
10Content.Wa...ty.dll
windows7-x64
1Content.Wa...ty.dll
windows10-2004-x64
1Content.Wa...er.dll
windows7-x64
1Content.Wa...er.dll
windows10-2004-x64
1Content.Wa...me.dll
windows7-x64
1Content.Wa...me.dll
windows10-2004-x64
1Content.Wa...me.dll
windows7-x64
1Content.Wa...me.dll
windows10-2004-x64
1Content.Wa...et.dll
windows7-x64
1Content.Wa...et.dll
windows10-2004-x64
1Content.Wa...ib.dll
windows7-x64
1Content.Wa...ib.dll
windows10-2004-x64
1Content.Wa...rd.dll
windows7-x64
1Content.Wa...rd.dll
windows10-2004-x64
1Content.Wa...ld.dll
windows7-x64
1Content.Wa...ld.dll
windows10-2004-x64
1Content.Wa...me.dll
windows7-x64
1Content.Wa...me.dll
windows10-2004-x64
1Content.Wa...rp.dll
windows7-x64
1Content.Wa...rp.dll
windows10-2004-x64
1Content.Wa...In.dll
windows7-x64
1Content.Wa...In.dll
windows10-2004-x64
1Content.Wa...on.dll
windows7-x64
1Content.Wa...on.dll
windows10-2004-x64
1Content.Wa...dk.dll
windows7-x64
1Content.Wa...dk.dll
windows10-2004-x64
1Content.Wa...ed.dll
windows7-x64
1Content.Wa...ed.dll
windows10-2004-x64
1Content.Wa...pv.dll
windows7-x64
1Content.Wa...pv.dll
windows10-2004-x64
1Content.Wa...on.dll
windows7-x64
1Content.Wa...on.dll
windows10-2004-x64
1Analysis
-
max time kernel
33s -
max time network
45s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
12-04-2024 22:21
Behavioral task
behavioral1
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.PhotonUtility.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral2
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.PhotonUtility.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Recorder.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral4
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Recorder.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Settings.Runtime.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral6
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.Settings.Runtime.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.UI.Runtime.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral8
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/Zorro.UI.Runtime.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/com.rlabrecque.steamworks.net.dll
Resource
win7-20240319-en
windows7-x64
Behavioral task
behavioral10
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/com.rlabrecque.steamworks.net.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/mscorlib.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral12
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/mscorlib.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/netstandard.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral14
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/netstandard.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/pworld.dll
Resource
win7-20240215-en
windows7-x64
Behavioral task
behavioral16
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/pworld.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/sc.posteffects.runtime.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/sc.posteffects.runtime.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/websocket-sharp.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral20
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Managed/websocket-sharp.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/AudioIn.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral22
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/AudioIn.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/audioplugin_phonon.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral24
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/audioplugin_phonon.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/discord_game_sdk.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral26
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/discord_game_sdk.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/lib_burst_generated.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral28
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/lib_burst_generated.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/opus_egpv.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/opus_egpv.dll
Resource
win10v2004-20240412-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/phonon.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral32
Sample
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/phonon.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
General
-
Target
Content.Warning.v1.9.b-0xdeadc0de/Content Warning_Data/Plugins/x86_64/audioplugin_phonon.dll
-
Size
150KB
-
MD5
268704605dd3be389db0913e48037eb6
-
SHA1
d4bd4a55e2ca6eda2b9e533fdba2033da85fea09
-
SHA256
6c3c29163bbe127a9e4a37a11bbb0b48be30567e9de58dde0f939498f0c343cf
-
SHA512
e6c5fa56051dcfc2da52ac0db36f1a9607c8fc011f810be0d217e4fb5c48cf69c701d93dade579e830892b9d0bd459eb4ca5c041762ff03d88ca5c0adbe1db1e
-
SSDEEP
3072:9SvYicJgqfiRXf15L0yeEy7jiTOMld5A0HsMcrWw5:9QvqMP15QCy+5AaWWw
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2624 wrote to memory of 2644 2624 rundll32.exe 29 PID 2624 wrote to memory of 2644 2624 rundll32.exe 29 PID 2624 wrote to memory of 2644 2624 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Content.Warning.v1.9.b-0xdeadc0de\Content Warning_Data\Plugins\x86_64\audioplugin_phonon.dll",#11⤵
- Suspicious use of WriteProcessMemory
PID:2624 -
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 2624 -s 842⤵PID:2644
-