Overview

overview

10

Static

static

3

05167b6746...18.exe

windows7-x64

10

05167b6746...18.exe

windows10-2004-x64

8

$PLUGINSDI...aX.dll

windows7-x64

1

$PLUGINSDI...aX.dll

windows10-2004-x64

1

$PLUGINSDI...uo.dll

windows7-x64

1

$PLUGINSDI...uo.dll

windows10-2004-x64

1

$PLUGINSDI...Ny.dll

windows7-x64

1

$PLUGINSDI...Ny.dll

windows10-2004-x64

1

$TEMP/oGcmpKezXmV.js

windows7-x64

1

$TEMP/oGcmpKezXmV.js

windows10-2004-x64

1

Analysis

  • max time kernel
    134s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-04-2024 11:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/OkXQbfVygaX.dll

  • Size

    452KB

  • MD5

    57c38bcbce8a3c44d744d582adc87f54

  • SHA1

    5d6478d9b9000a3504fdf26fdec05d0e18ba0c92

  • SHA256

    915ae398218b61dcb81623857d1043abbec9a4a69b235a588ab504487e7f69f6

  • SHA512

    eb9af37e6cd2b88660c8c53b5d52b5e604e5dceb0f0ba79f2852bb3a9e466f57dfe17a27a35f7a80f69f63d6bbd237b2907e0cf218fb3be52f41660d0e8bc98c

  • SSDEEP

    6144:4hE6F6aCBaFStIszVXt5n14w42eT4X08vUuMVr:4+0MKsz5nb42eTo0zVr

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OkXQbfVygaX.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3316
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\OkXQbfVygaX.dll,#1
      2⤵
        PID:1524

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads