Overview

overview

3

Static

static

10

fagality.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    52s
  • max time network
    54s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • submitted
    09/05/2024, 10:32 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fagality.dll

  • Size

    36.1MB

  • MD5

    38bf550f8d73ea9791d7778d9b6b44a8

  • SHA1

    67bf70a4d78f9f18b1af30cd9c85c632b52188c1

  • SHA256

    ed6566cd8828d0d9a7bd2bd7731df7703977d9b18fa7ede31bb8b1835b12da78

  • SHA512

    cfff6d55b90a42be22d09aaf30eed718b71fff8bfddab2404e968359a18ab8aec679a4ca85e144d3527602fd515a03724e897addd68865e796b0a387f582fd7f

  • SSDEEP

    393216:g4S82OrtN+zJkGsF20dH5ZXtpKjzw1QxgvLqmNAmjpy:7OOrtN+zJkGsF2OZZXuv4GcLjp

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\fagality.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2396
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\fagality.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3336
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 544
        3⤵
        • Program crash
        PID:2352
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 792
        3⤵
        • Program crash
        PID:4444
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3336 -ip 3336
    1⤵
      PID:1152
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3888,i,13281073920029625837,8253721632651544158,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
      1⤵
        PID:856
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 3336 -ip 3336
        1⤵
          PID:2736

        Network

        • flag-us
          DNS
          64.159.190.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          64.159.190.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dnsgoogle
        • flag-us
          DNS
          183.59.114.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          183.59.114.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          198.187.3.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          198.187.3.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          139.53.16.96.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          139.53.16.96.in-addr.arpa
          IN PTR
          Response
          139.53.16.96.in-addr.arpa
          IN PTR
          a96-16-53-139deploystaticakamaitechnologiescom
        • flag-us
          DNS
          30.243.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          30.243.111.52.in-addr.arpa
          IN PTR
          Response
        No results found
        • 8.8.8.8:53
          64.159.190.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          64.159.190.20.in-addr.arpa

        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          66 B
           90 B
           1
          1

          DNS Request

          8.8.8.8.in-addr.arpa

        • 8.8.8.8:53
          183.59.114.20.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          183.59.114.20.in-addr.arpa

        • 8.8.8.8:53
          198.187.3.20.in-addr.arpa
          dns
          71 B
           157 B
           1
          1

          DNS Request

          198.187.3.20.in-addr.arpa

        • 8.8.8.8:53
          139.53.16.96.in-addr.arpa
          dns
          71 B
           135 B
           1
          1

          DNS Request

          139.53.16.96.in-addr.arpa

        • 8.8.8.8:53
          30.243.111.52.in-addr.arpa
          dns
          72 B
           158 B
           1
          1

          DNS Request

          30.243.111.52.in-addr.arpa

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.