Overview

overview

7

Static

static

3

$RON9VYX.exe

windows7-x64

7

$RON9VYX.exe

windows10-2004-x64

4

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/UAC.dll

windows7-x64

3

$PLUGINSDIR/UAC.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...id.dll

windows7-x64

3

$PLUGINSDI...id.dll

windows10-2004-x64

3

$R0.dll

windows7-x64

1

$R0.dll

windows10-2004-x64

1

$R2/NSIS.L...0_.exe

windows7-x64

1

$R2/NSIS.L...0_.exe

windows10-2004-x64

1

GPL.html

windows7-x64

1

GPL.html

windows10-2004-x64

1

filezilla.exe

windows7-x64

7

filezilla.exe

windows10-2004-x64

7

fzputtygen.exe

windows7-x64

1

fzputtygen.exe

windows10-2004-x64

1

fzsftp.exe

windows7-x64

1

fzsftp.exe

windows10-2004-x64

1

fzstorj.exe

windows7-x64

1

fzstorj.exe

windows10-2004-x64

1

libfilezilla-43.dll

windows7-x64

1

libfilezilla-43.dll

windows10-2004-x64

1

libfzclien...-0.dll

windows7-x64

1

libfzclien...-0.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    140s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    08-05-2024 15:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    libfzclient-commonui-private-3-67-0.dll

  • Size

    611KB

  • MD5

    bcb38d316fbaea52928113c15d34e4f9

  • SHA1

    aa9acb9b154e9e9bc9142fd72f395b2c5ec6c645

  • SHA256

    204f83f6bbdb707ddad08949403512035f30c10dea6f034b2d41c065f0255f3e

  • SHA512

    d962d466ab4af8d9434d4ed1888331effaf6a1a0dc5d091c01a054c50283c7a739bfb615b762e1e806a9a70f8451d08e5ffdaba3393fabf6f2a6c878fa4e19f0

  • SSDEEP

    6144:7c1+MmxFlHVyQdpwaWJ8eho2e3zrJ2gLo4MVnmmaPyq8ub0LqDnKw37gn4+tc1Hp:+mxFl1yQpSgJgjVmPPygUoKw37f+tcCE

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\libfzclient-commonui-private-3-67-0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1888
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1888 -s 192
      2⤵
        PID:2948

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1888-2-0x000007FEF6440000-0x000007FEF652F000-memory.dmp

      Filesize

      956KB

      Download

    • memory/1888-3-0x000007FEF5EB0000-0x000007FEF5F54000-memory.dmp

      Filesize

      656KB

      Download

    • memory/1888-1-0x000007FEF5F60000-0x000007FEF60BD000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1888-7-0x000007FEF7280000-0x000007FEF72A1000-memory.dmp

      Filesize

      132KB

      Download

    • memory/1888-8-0x000007FEF5AA0000-0x000007FEF5C87000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/1888-6-0x000007FEF72B0000-0x000007FEF7305000-memory.dmp

      Filesize

      340KB

      Download

    • memory/1888-5-0x000007FEF7E90000-0x000007FEF7ED9000-memory.dmp

      Filesize

      292KB

      Download

    • memory/1888-4-0x000007FEF5C90000-0x000007FEF5EA3000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/1888-0-0x000007FEF71D0000-0x000007FEF726E000-memory.dmp

      Filesize

      632KB

      Download