Overview
overview
7Static
static
3EOSSDK-Win...ng.dll
windows10-2004-x64
3OpenAL32.dll
windows10-2004-x64
1discord_game_sdk.dll
windows10-2004-x64
1nvmp/CrashRpt1403.dll
windows10-2004-x64
1nvmp/Crash...03.exe
windows10-2004-x64
1nvmp/client.dll
windows10-2004-x64
1nvmp/res/r...86.exe
windows10-2004-x64
7nvmp/steam_api.dll
windows10-2004-x64
1nvmp_launcher.exe
windows10-2004-x64
3nvmp_start.exe
windows10-2004-x64
1nvmp_storyserver.exe
windows10-2004-x64
1Analysis
-
max time kernel
246s -
max time network
305s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
20/04/2024, 10:07
Static task
static1
Behavioral task
behavioral1
Sample
EOSSDK-Win32-Shipping.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral2
Sample
OpenAL32.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
discord_game_sdk.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral4
Sample
nvmp/CrashRpt1403.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
nvmp/CrashSender1403.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral6
Sample
nvmp/client.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
nvmp/res/redist/vc_redist.x86.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral8
Sample
nvmp/steam_api.dll
Resource
win10v2004-20240226-en
Behavioral task
behavioral9
Sample
nvmp_launcher.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral10
Sample
nvmp_start.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral11
Sample
nvmp_storyserver.exe
Resource
win10v2004-20240412-en
General
-
Target
OpenAL32.dll
-
Size
616KB
-
MD5
e470a54ed520301dedec87c9db7539e3
-
SHA1
fe7fbb11d731e1ea67fe38cee3436b0dcbc240df
-
SHA256
49f0b67af1341f69cec41940529c0ef551420282f471f0f869f89cc4ab6357c7
-
SHA512
522448047c564a91734bafa3629ff6ab2697a560927016f522397a1431a1e735c09c1ad6a360fab2266fae063f05087f073ec6a0fddadafc20ebd5c7712bbc20
-
SSDEEP
12288:PsmFzEdFKWRcDGqZagU7YLvAmvUCyc54j/XPlJtsMPsj+e:PXzKKjAGAuUxj/9JtsMC
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3976 wrote to memory of 552 3976 rundll32.exe 83 PID 3976 wrote to memory of 552 3976 rundll32.exe 83 PID 3976 wrote to memory of 552 3976 rundll32.exe 83