Analysis

  • max time kernel
    135s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64  arch:x86  image:win10v2004-20240419-en  locale:en-us  os:windows10-2004-x64  system
  • submitted
    02/05/2024, 04:15

General

  • Target

    node.dll

  • Size

    27.4MB

  • MD5

    e72ab2ff248d357f174a0c9aea8ed62d

  • SHA1

    265fa9e6bf132ac7c878ec5fe5f94b2bf614ee4a

  • SHA256

    5e5f7dc818f37cfa8fab811c68377c6c160f1b7e8eaa2e3567f17e5649874de7

  • SHA512

    f50aa36c771da5fbfc69749dca8b18b6089d9f051b9dda6e0bfc18a314990cad4f480aba3333d05f570805319650db9c53331fab0bc208e6e2ffb7e8f8596c1b

  • SSDEEP

    393216:JBc8TUOnHtNBu5zKmKa7p6cUv9LPZk8+uTo3rA:Jq8TUOnHtNBu5zKkp61vpBk7uMb

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\node.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4808
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\node.dll,#1
      2⤵
      PID:2580
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 680
        3⤵
        • Program crash
        PID:2068
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2580 -ip 2580
    1⤵
    PID:4980
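The process tree above is the only behavioural evidence in this report, and it is worth reading correctly before trusting the score: the 64-bit rundll32.exe (PID 4808) is asked to load node.dll by ordinal (#1) from the user's Temp directory, finds a 32-bit image and re-launches itself under SysWOW64 (PID 2580) to host it; that child creation is what 4808's "Suspicious use of WriteProcessMemory" IoCs record, and the child then crashes, which is why both WerFault.exe instances carry -p 2580. The script below is an added example written for this page, not part of the sandbox report or of any triage tooling: it reconstructs exactly these relationships from process-creation records. The records are constructed from the tree above; the parent PID 0 given to the top-level processes, and the field layout, are assumptions of the example.

```python
import re

# Constructed records (pid, parent_pid, image, command_line) mirroring the
# report's process tree. Parent pid 0 marks processes the report shows at
# top level (1⤵); their real parent (e.g. the WER service) is not in the report.
EVENTS = [
    (4808, 0, r"C:\Windows\system32\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\node.dll,#1"),
    (2580, 4808, r"C:\Windows\SysWOW64\rundll32.exe",
     r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\node.dll,#1"),
    (2068, 2580, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 680"),
    (4980, 0, r"C:\Windows\SysWOW64\WerFault.exe",
     r"C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 2580 -ip 2580"),
]

# rundll32 syntax: rundll32[.exe] <dll>,<entry>  where entry is a name or #ordinal
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?\s*,\s*(\S+)', re.I)
# Per-user temp directory on Windows 10
TEMP_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def parse_rundll32(cmdline):
    """Return dll path, entry point and two risk flags, or None if not rundll32."""
    m = RUNDLL_RE.search(cmdline)
    if not m:
        return None
    dll, entry = m.group(1), m.group(2)
    return {
        "dll": dll,
        "entry": entry,
        "by_ordinal": entry.startswith("#"),
        "from_temp": bool(TEMP_RE.search(dll)),
    }


def werfault_target(cmdline):
    """WerFault names the crashed process with '-p <pid>' (not -pss, not -ip)."""
    m = re.search(r"(?:^|\s)-p\s+(\d+)", cmdline)
    return int(m.group(1)) if m else None


def analyze(events):
    by_pid = {e[0]: e for e in events}
    temp_dll_loads, wow64_relaunches, crashed = [], [], set()
    for pid, ppid, image, cmd in events:
        if basename(image) == "rundll32.exe":
            info = parse_rundll32(cmd)
            if info and info["from_temp"]:
                temp_dll_loads.append((pid, info["dll"], info["entry"]))
            parent = by_pid.get(ppid)
            # system32\rundll32 spawning SysWOW64\rundll32 with the same DLL
            # is the normal way a 64-bit rundll32 hosts a 32-bit DLL.
            if (parent and basename(parent[2]) == "rundll32.exe"
                    and "\\syswow64\\" in image.lower()
                    and "\\system32\\" in parent[2].lower()):
                wow64_relaunches.append((pid, ppid))
        elif basename(image) == "werfault.exe":
            target = werfault_target(cmd)
            if target in by_pid:
                crashed.add(target)
    return {
        "temp_dll_loads": temp_dll_loads,
        "wow64_relaunches": wow64_relaunches,
        "crashed": sorted(crashed),
    }


if __name__ == "__main__":
    for key, value in analyze(EVENTS).items():
        print(f"{key}: {value}")
```

Running it on the constructed records reports both rundll32 instances loading a DLL from Temp by ordinal, one WoW64 relaunch (2580 from 4808), and a single crashed process, 2580. A detection rule built on the WriteProcessMemory IoC alone would fire on every such relaunch; the Temp-path-plus-ordinal condition is the part that actually distinguishes this from routine rundll32 use.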

Network

MITRE ATT&CK Matrix
