b720aa9c58b19eec96664d807ffeef3518655dea880cdc71bbb6b037e1da7c2d

Submit
Reports

Overview

overview

Static

static

entry_1_0/...er.exe

windows7-x64

entry_1_0/...er.exe

windows10-2004-x64

$PLUGINSDI...er.dll

windows7-x64

$PLUGINSDI...er.dll

windows10-2004-x64

$PLUGINSDI...ls.dll

windows7-x64

$PLUGINSDI...ls.dll

windows10-2004-x64

$PLUGINSDI...em.dll

windows7-x64

$PLUGINSDI...em.dll

windows10-2004-x64

$PLUGINSDI...ll.dll

windows7-x64

$PLUGINSDI...ll.dll

windows10-2004-x64

Guardian Browser.exe

windows7-x64

Guardian Browser.exe

windows10-2004-x64

LICENSES.c...m.html

windows7-x64

LICENSES.c...m.html

windows10-2004-x64

d3dcompiler_47.dll

windows10-2004-x64

ffmpeg.dll

windows7-x64

ffmpeg.dll

windows10-2004-x64

libEGL.dll

windows7-x64

libEGL.dll

windows10-2004-x64

libGLESv2.dll

windows7-x64

libGLESv2.dll

windows10-2004-x64

resources/...64.exe

windows7-x64

resources/...64.exe

windows10-2004-x64

resources/...it.exe

windows7-x64

resources/...it.exe

windows10-2004-x64

resources/...dit.js

windows7-x64

resources/...dit.js

windows10-2004-x64

resources/elevate.exe

windows7-x64

resources/elevate.exe

windows10-2004-x64

vk_swiftshader.dll

windows7-x64

vk_swiftshader.dll

windows10-2004-x64

vulkan-1.dll

windows7-x64

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
10-05-2024 12:04

Sharing

Copy URL

Twitter E-mail

Static task

static1

egregor

3 signatures

Behavioral task

behavioral1

Sample

entry_1_0/installer.exe

Resource

win7-20240419-en

egregor discovery ransomware

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

entry_1_0/installer.exe

Resource

win10v2004-20240426-en

egregor discovery ransomware

windows10-2004-x64

17 signatures

150 seconds

Behavioral task

behavioral3

Sample

$PLUGINSDIR/SpiderBanner.dll

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral4

Sample

$PLUGINSDIR/SpiderBanner.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral5

Sample

$PLUGINSDIR/StdUtils.dll

Resource

win7-20240508-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral6

Sample

$PLUGINSDIR/StdUtils.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral7

Sample

$PLUGINSDIR/System.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral8

Sample

$PLUGINSDIR/System.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral9

Sample

$PLUGINSDIR/WinShell.dll

Resource

win7-20240221-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral10

Sample

$PLUGINSDIR/WinShell.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

2 signatures

150 seconds

Behavioral task

behavioral11

Sample

Guardian Browser.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Guardian Browser.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral13

Sample

LICENSES.chromium.html

Resource

win7-20240508-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral14

Sample

LICENSES.chromium.html

Resource

win10v2004-20240508-en

windows10-2004-x64

6 signatures

150 seconds

Behavioral task

behavioral15

Sample

d3dcompiler_47.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral16

Sample

ffmpeg.dll

Resource

win7-20240419-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral17

Sample

ffmpeg.dll

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral18

Sample

libEGL.dll

Resource

win7-20231129-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral19

Sample

libEGL.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

libGLESv2.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral21

Sample

libGLESv2.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

resources/app.asar.unpacked/node_modules/rcedit/bin/rcedit-x64.exe

Resource

win7-20240508-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

resources/app.asar.unpacked/node_modules/rcedit/bin/rcedit-x64.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

resources/app.asar.unpacked/node_modules/rcedit/bin/rcedit.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

resources/app.asar.unpacked/node_modules/rcedit/bin/rcedit.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

resources/app.asar.unpacked/node_modules/rcedit/lib/rcedit.js

Resource

win7-20240508-en

execution

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral27

Sample

resources/app.asar.unpacked/node_modules/rcedit/lib/rcedit.js

Resource

win10v2004-20240426-en

execution

windows10-2004-x64

1 signatures

150 seconds

Behavioral task

behavioral28

Sample

resources/elevate.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

resources/elevate.exe

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

vk_swiftshader.dll

Resource

win7-20240220-en

windows7-x64

1 signatures

150 seconds

Behavioral task

behavioral31

Sample

vk_swiftshader.dll

Resource

win10v2004-20240426-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

vulkan-1.dll

Resource

win7-20240215-en

windows7-x64

1 signatures

150 seconds

Report Analysis Logs

General

Target

vk_swiftshader.dll
Size

4.9MB
MD5

9281a9a4a96eaa608ee657de992f5f3d
SHA1

e663c605ee7c2f79409a784a823e0dc9eebbaa0e
SHA256

c7ce4bf37998052ee3be6c36ab5a18f2fae1ae0474f3a0d0fbad2382855aeec1
SHA512

578c1ca8523a94403f6695cf4d201fc036bce75c6dabe63f57ad2b5b1aca8d32ab66ca7df8bdee84a8a7202a539995f5128a448418d07a1589837b53e40013a9
SSDEEP

49152:4dhIZFC8e/N1dUnfO2fq1LLf4+G4UrRW9yqxV11MXnPr1OTQHaA6XWVzV8Ii66US:44ZFCPFXa5MWU66UeP1WyiWj9

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1740	1972	rundll32.exe	28
PID 1972 wrote to memory of 1740	1972	rundll32.exe	28
PID 1972 wrote to memory of 1740	1972	rundll32.exe	28

Processes

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\vk_swiftshader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1972
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1972 -s 80
  2⤵
  PID:1740

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads