Overview
overview
10Static
static
100490e8427a...c7.elf
ubuntu-18.04-amd64
0490e8427a...c7.elf
debian-9-armhf
0490e8427a...c7.elf
debian-9-mips
0490e8427a...c7.elf
debian-9-mipsel
068428a4ac...26.exe
windows7-x64
1068428a4ac...26.exe
windows10-2004-x64
1087421ac22...94.elf
debian-9-mipsel
100c4791a6b4...ea.elf
debian-9-armhf
100d9bd2ae2e...ea.exe
windows7-x64
100d9bd2ae2e...ea.exe
windows10-2004-x64
70fa00d4f4f...70.dll
windows7-x64
10fa00d4f4f...70.dll
windows10-2004-x64
110de02fec8...d1.bat
windows7-x64
110de02fec8...d1.bat
windows10-2004-x64
81157191701...32.exe
windows7-x64
71157191701...32.exe
windows10-2004-x64
1016e81343ec...a5.exe
windows7-x64
716e81343ec...a5.exe
windows10-2004-x64
717691f0962...b7.elf
debian-9-mipsel
717c24104e8...12.exe
windows7-x64
317c24104e8...12.exe
windows10-2004-x64
3$PLUGINSDI...ol.dll
windows7-x64
3$PLUGINSDI...ol.dll
windows10-2004-x64
3$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
3CommandPost.exe
windows7-x64
3CommandPost.exe
windows10-2004-x64
3Uninstall.exe
windows7-x64
7Uninstall.exe
windows10-2004-x64
7$PLUGINSDI...ss.dll
windows7-x64
3$PLUGINSDI...ss.dll
windows10-2004-x64
31816cd993d...28.exe
windows7-x64
7Resubmissions
22-04-2024 22:02
240422-1xtwbagh68 1022-04-2024 19:25
240422-x42b7afa68 1019-04-2024 03:02
240419-djmthsfh8w 10Analysis
-
max time kernel
119s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
19-04-2024 03:02
Static task
static1
Behavioral task
behavioral1
Sample
0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf
Resource
ubuntu1804-amd64-20240226-en
Behavioral task
behavioral2
Sample
0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral3
Sample
0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf
Resource
debian9-mipsbe-20240226-en
Behavioral task
behavioral4
Sample
0490e8427ac66951389e11dbd990c19cb1ee43102c33935b12db6a4eca7717c7.elf
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral5
Sample
068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26.exe
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
068428a4acb65807251b3b4c0aee2101519fdaebf6db5376863da5add3471f26.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral7
Sample
087421ac222e935579dfd3b7a5120451fd9d9a663d3d1872c04b6154b238c894.elf
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral8
Sample
0c4791a6b47491a0c43cea0ba54357e391a3c8b23aa28025489bbe43bb9ea6ea.elf
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral9
Sample
0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
0d9bd2ae2e4b023047b6c08684e9e5daae76e31cced4c3fdf4640136245f7eea.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70.dll
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
0fa00d4f4f8e8449883aef7f0459a0fb754d57d55af2b41f5e445f867000fa70.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral13
Sample
10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1.bat
Resource
win7-20240319-en
Behavioral task
behavioral14
Sample
10de02fec8ac3edbf1398e6dd43ddec95a89e0499e1e865a7d9e5289fb2b31d1.bat
Resource
win10v2004-20240412-en
Behavioral task
behavioral15
Sample
11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432.exe
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
11571917015adbf3b5196509e1082c8d415f011cce88bd8b16e9d9c5a39ac432.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral17
Sample
16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5.exe
Resource
win7-20231129-en
Behavioral task
behavioral18
Sample
16e81343ecea6082d76bf1ab26818c3bf56929c92468fae8837c6384b62d05a5.exe
Resource
win10v2004-20240226-en
Behavioral task
behavioral19
Sample
17691f0962027e7110f727ae997f8af5885dd783674d1db023d467ec478515b7.elf
Resource
debian9-mipsel-20240226-en
Behavioral task
behavioral20
Sample
17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12.exe
Resource
win7-20240221-en
Behavioral task
behavioral21
Sample
17c24104e8e5350eeb7e2a162dec3f6a4d6c70f3f0849e6346fd383d998dcc12.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral22
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win7-20240221-en
Behavioral task
behavioral23
Sample
$PLUGINSDIR/AccessControl.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral24
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240319-en
Behavioral task
behavioral25
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral26
Sample
CommandPost.exe
Resource
win7-20240221-en
Behavioral task
behavioral27
Sample
CommandPost.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral28
Sample
Uninstall.exe
Resource
win7-20240221-en
Behavioral task
behavioral29
Sample
Uninstall.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win7-20240221-en
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsProcess.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral32
Sample
1816cd993ddda970b791b090e6ecb501ef923bdcc0cc5f4a99e18dcdb7093228.exe
Resource
win7-20231129-en
General
-
Target
$PLUGINSDIR/AccessControl.dll
-
Size
15KB
-
MD5
d74bb4447af48da081c7d9b499f3a023
-
SHA1
dadf6e140e6fd8e49a1851cc144bb022e0adb185
-
SHA256
5fd5d8aec97cffaad9b7df6371b348d436cf1401e86fab614dc4cb8575428e52
-
SHA512
9a15de5c6b08914f5e5bbc1c318fb0e84da28a316cf51ccddca8dfb64cd67b7ad06acac307b41d5086a0740055d327007ff890807d6853bb2e767179a3b3d758
-
SSDEEP
192:0hdGZ2E0hm+Gc7ROMzCPvXWROt086dXHGrEKcDDi0b5ZsgMgiCXyo1Fp01eLLuIt:0hdGZ2E0YWV2908oj21ILud8
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 1932 2356 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exerundll32.exedescription pid process target process PID 2088 wrote to memory of 2356 2088 rundll32.exe rundll32.exe PID 2088 wrote to memory of 2356 2088 rundll32.exe rundll32.exe PID 2088 wrote to memory of 2356 2088 rundll32.exe rundll32.exe PID 2088 wrote to memory of 2356 2088 rundll32.exe rundll32.exe PID 2088 wrote to memory of 2356 2088 rundll32.exe rundll32.exe PID 2088 wrote to memory of 2356 2088 rundll32.exe rundll32.exe PID 2088 wrote to memory of 2356 2088 rundll32.exe rundll32.exe PID 2356 wrote to memory of 1932 2356 rundll32.exe WerFault.exe PID 2356 wrote to memory of 1932 2356 rundll32.exe WerFault.exe PID 2356 wrote to memory of 1932 2356 rundll32.exe WerFault.exe PID 2356 wrote to memory of 1932 2356 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\AccessControl.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2088 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\AccessControl.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2356 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 2243⤵
- Program crash
PID:1932
-
-