Overview
overview
8Static
static
3bVPN_1_7_0_setup.exe
windows10-2004-x64
8$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...on.dll
windows10-2004-x64
3$PLUGINSDI...LL.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3$PLUGINSDI...ec.dll
windows10-2004-x64
3QtCore4.dll
windows10-2004-x64
3QtGui4.dll
windows10-2004-x64
3QtNetwork4.dll
windows10-2004-x64
3bvpn.exe
windows10-2004-x64
1debug_helper.exe
windows10-2004-x64
1iwasel_pro...er.exe
windows10-2004-x64
1libeay32.dll
windows10-2004-x64
1msvcp100.dll
windows10-2004-x64
3msvcr100.dll
windows10-2004-x64
3openvpn/libeay32.dll
windows10-2004-x64
1openvpn/li...-1.dll
windows10-2004-x64
3openvpn/libssl32.dll
windows10-2004-x64
1openvpn/lzo2.dll
windows10-2004-x64
1openvpn/msvcr90.dll
windows10-2004-x64
1openvpn/openvpn.exe
windows10-2004-x64
1openvpn/ssleay32.dll
windows10-2004-x64
1openvpn/ta...01.sys
windows10-2004-x64
1openvpn/ta...ll.exe
windows10-2004-x64
1openvpn/ta...01.sys
windows10-2004-x64
1openvpn/ta...ll.exe
windows10-2004-x64
1plugins/im...o4.dll
windows10-2004-x64
1qjson0.dll
windows10-2004-x64
3qssh2.dll
windows10-2004-x64
3quazip.dll
windows10-2004-x64
3ssleay32.dll
windows10-2004-x64
1Analysis
-
max time kernel
1700s -
max time network
1173s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
14-04-2024 19:58
Static task
static1
Behavioral task
behavioral1
Sample
bVPN_1_7_0_setup.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
$PLUGINSDIR/FindProcDLL.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/GetVersion.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/LangDLL.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral8
Sample
QtCore4.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
QtGui4.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral10
Sample
QtNetwork4.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
bvpn.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral12
Sample
debug_helper.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral13
Sample
iwasel_pro_updater.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral14
Sample
libeay32.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral15
Sample
msvcp100.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral16
Sample
msvcr100.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral17
Sample
openvpn/libeay32.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral18
Sample
openvpn/libpkcs11-helper-1.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral19
Sample
openvpn/libssl32.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral20
Sample
openvpn/lzo2.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral21
Sample
openvpn/msvcr90.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral22
Sample
openvpn/openvpn.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral23
Sample
openvpn/ssleay32.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral24
Sample
openvpn/tap/win32/tap0901.sys
Resource
win10v2004-20240412-en
Behavioral task
behavioral25
Sample
openvpn/tap/win32/tapinstall.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral26
Sample
openvpn/tap/win64/tap0901.sys
Resource
win10v2004-20240412-en
Behavioral task
behavioral27
Sample
openvpn/tap/win64/tapinstall.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral28
Sample
plugins/imageformats/qico4.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral29
Sample
qjson0.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral30
Sample
qssh2.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral31
Sample
quazip.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral32
Sample
ssleay32.dll
Resource
win10v2004-20240412-en
General
-
Target
QtGui4.dll
-
Size
8.2MB
-
MD5
7a2829da1f1f4112d984a13bc71b95f5
-
SHA1
5020a69619da503e44991a1da3ec84bdf963d9b4
-
SHA256
cfd06dea104f9c3580fab2f5d64019829b056e55d44695764521011abfe946d4
-
SHA512
5f0f72884e1fb491403e99ec2a1dc900873480f9ee4a648b9cfc23d0004f4758867757b98191d3892ad342c585ecd75b0dbfa5416a02955d6ef52e99c5fdbc4c
-
SSDEEP
98304:yxyhZcJJbOVZCAUSORHQQwkwPG1d0y+SzOyG5F4bVBm6Qa8vIEcw3:yxkZclAUTH/wkSGmWBKIE
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 4964 4424 WerFault.exe 84 -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4972 wrote to memory of 4424 4972 rundll32.exe 84 PID 4972 wrote to memory of 4424 4972 rundll32.exe 84 PID 4972 wrote to memory of 4424 4972 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\QtGui4.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4972 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\QtGui4.dll,#12⤵PID:4424
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 6923⤵
- Program crash
PID:4964
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4424 -ip 44241⤵PID:4960