Overview
overview
10Static
static
3e6516d2911...ca.exe
windows7-x64
10e6516d2911...ca.exe
windows10-2004-x64
7$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3uninstall.exe
windows7-x64
7uninstall.exe
windows10-2004-x64
7Analysis
-
max time kernel
6s -
max time network
2s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
23-04-2024 06:13
Static task
static1
Behavioral task
behavioral1
Sample
e6516d2911fc3378903b396b1b3ec97ddd497a1e8b974b531b1f140a485d39ca.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e6516d2911fc3378903b396b1b3ec97ddd497a1e8b974b531b1f140a485d39ca.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
uninstall.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
uninstall.exe
Resource
win10v2004-20240412-en
General
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
a09bcf528d02f89f9befa78937ca7d7b
-
SHA1
3cbcb0fdc32a8f21d6d557cc4c3bb6c4ee246b6f
-
SHA256
5a31abf36c0ed5e74295b7d7db5a2b09d8aa308483612b7b0bc04771000ac8ad
-
SHA512
ad4bbc478c028d4b8b890ea60a26ecae1c0dfacad872d150bfb1c334d7f52f2963123c45cef4ee0d773d9b3e143dde2c3d8da92ea9f703e44c5ee873a873b95c
-
SSDEEP
96:QgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tT3hhEl7y:QgiqVPgK8K9eIdE9B/tThg7
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 2792 1108 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 11 IoCs
Processes:
rundll32.exerundll32.exedescription pid process target process PID 2924 wrote to memory of 1108 2924 rundll32.exe rundll32.exe PID 2924 wrote to memory of 1108 2924 rundll32.exe rundll32.exe PID 2924 wrote to memory of 1108 2924 rundll32.exe rundll32.exe PID 2924 wrote to memory of 1108 2924 rundll32.exe rundll32.exe PID 2924 wrote to memory of 1108 2924 rundll32.exe rundll32.exe PID 2924 wrote to memory of 1108 2924 rundll32.exe rundll32.exe PID 2924 wrote to memory of 1108 2924 rundll32.exe rundll32.exe PID 1108 wrote to memory of 2792 1108 rundll32.exe WerFault.exe PID 1108 wrote to memory of 2792 1108 rundll32.exe WerFault.exe PID 1108 wrote to memory of 2792 1108 rundll32.exe WerFault.exe PID 1108 wrote to memory of 2792 1108 rundll32.exe WerFault.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#12⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 2243⤵
- Program crash