Overview

overview

7

Static

static

3

35e10c5323...18.exe

windows7-x64

7

35e10c5323...18.exe

windows10-2004-x64

7

$(LSTR_76).exe

windows7-x64

5

$(LSTR_76).exe

windows10-2004-x64

5

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDIR/INetC.dll

windows7-x64

3

$PLUGINSDIR/INetC.dll

windows10-2004-x64

3

$PLUGINSDI...nk.dll

windows7-x64

3

$PLUGINSDI...nk.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDIR/ad.html

windows7-x64

1

$PLUGINSDIR/ad.html

windows10-2004-x64

1

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ON.dll

windows7-x64

3

$PLUGINSDI...ON.dll

windows10-2004-x64

3

$TEMP/NSIS...Ex.dll

windows7-x64

3

$TEMP/NSIS...Ex.dll

windows10-2004-x64

3

$TEMP/NSISTrigger.dll

windows7-x64

3

$TEMP/NSISTrigger.dll

windows10-2004-x64

3

CrashDumpC...or.dll

windows7-x64

1

CrashDumpC...or.dll

windows10-2004-x64

1

GOMProtect.exe

windows7-x64

1

GOMProtect.exe

windows10-2004-x64

1

GomVR.dll

windows7-x64

1

GomVR.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    11-05-2024 18:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    CrashDumpCollector.dll

  • Size

    173KB

  • MD5

    68f39c3915feaa3a5251e6be0d471b52

  • SHA1

    c902b68cc1eb5b6c62ebe7f80ca8b123ff9820c9

  • SHA256

    bd998d4f342d5db04534ae9d9c3497d2dfc701341399998f49857b048e50b83a

  • SHA512

    1018e81735ef9cb8084d43d01aebf2ffcf56c88ea1c09f7df1aa56a7c4034d70c8fc407427d28cbb24af62eb4c09a5a7d3e39aa80f0d429a75178ae9d27b579c

  • SSDEEP

    3072:IIPHanTmyMY2I28ugIs7O/6rle+qjp9fD5bM/uR+7oHMf085oGeg:7PHkTmyMdVKE/q1mXfDfAfiz

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrashDumpCollector.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1920
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\CrashDumpCollector.dll,#1
      2⤵
        PID:2788

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads