Overview
overview
10Static
static
3e6516d2911...ca.exe
windows7-x64
10e6516d2911...ca.exe
windows10-2004-x64
7$PLUGINSDI...nu.dll
windows7-x64
3$PLUGINSDI...nu.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3uninstall.exe
windows7-x64
7uninstall.exe
windows10-2004-x64
7Analysis
-
max time kernel
141s -
max time network
124s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system -
submitted
23-04-2024 06:13
Static task
static1
Behavioral task
behavioral1
Sample
e6516d2911fc3378903b396b1b3ec97ddd497a1e8b974b531b1f140a485d39ca.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
e6516d2911fc3378903b396b1b3ec97ddd497a1e8b974b531b1f140a485d39ca.exe
Resource
win10v2004-20240412-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win7-20231129-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/StartMenu.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240412-en
Behavioral task
behavioral9
Sample
uninstall.exe
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
uninstall.exe
Resource
win10v2004-20240412-en
General
-
Target
$PLUGINSDIR/StartMenu.dll
-
Size
7KB
-
MD5
a09bcf528d02f89f9befa78937ca7d7b
-
SHA1
3cbcb0fdc32a8f21d6d557cc4c3bb6c4ee246b6f
-
SHA256
5a31abf36c0ed5e74295b7d7db5a2b09d8aa308483612b7b0bc04771000ac8ad
-
SHA512
ad4bbc478c028d4b8b890ea60a26ecae1c0dfacad872d150bfb1c334d7f52f2963123c45cef4ee0d773d9b3e143dde2c3d8da92ea9f703e44c5ee873a873b95c
-
SSDEEP
96:QgiqVPb3X8K8Kdr3gEq6nNdMk6Qiw290+q6LDtJ1tT3hhEl7y:QgiqVPgK8K9eIdE9B/tThg7
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4932 3324 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4996 wrote to memory of 3324 4996 rundll32.exe rundll32.exe PID 4996 wrote to memory of 3324 4996 rundll32.exe rundll32.exe PID 4996 wrote to memory of 3324 4996 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\StartMenu.dll,#12⤵
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 6123⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3324 -ip 33241⤵