Overview

overview

7

Static

static

3

borlndmm.dll

windows7-x64

3

borlndmm.dll

windows10-2004-x64

1

jesus.exe

windows7-x64

1

jesus.exe

windows10-2004-x64

7

libeay32.dll

windows7-x64

1

libeay32.dll

windows10-2004-x64

1

msedge.exe

windows10-2004-x64

msedge_elf.dll

windows7-x64

3

msedge_elf.dll

windows10-2004-x64

3

ssleay32.dll

windows7-x64

1

ssleay32.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/05/2024, 02:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    msedge_elf.dll

  • Size

    4.3MB

  • MD5

    6d43d1b3fa6379bbf64a45ce54a7a3b5

  • SHA1

    dae244d869614a220f9727e0c956b6275dd9531c

  • SHA256

    5fabebcc84a80f4d72155560eb20eb401a033a49905474d4829f6e9dbf135b47

  • SHA512

    0c439ff6579e688b982fd9b97422bb13298e2d807c44ffd6058f33b7fc825fc0f031b8fc3366641b7f36e66a157c28fee3d3fdef327a8ae2f724b43565d8d879

  • SSDEEP

    49152:YYtTPjjwSg43Vhs8MJhH7kgDbwSOqC0uWpdcGBhF6Q:YePfs8M3kg/1OqCGf

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\msedge_elf.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3272
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\msedge_elf.dll,#1
      2⤵
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3940
      • C:\Program Files (x86)\Internet Explorer\ieinstal.exe
        "C:\Program Files (x86)\Internet Explorer\ieinstal.exe"
        3⤵
        • Suspicious use of SetWindowsHookEx
        PID:1440
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 756
        3⤵
        • Program crash
        PID:2300
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 3940 -ip 3940
    1⤵
      PID:1484

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1440-1-0x0000000074E00000-0x0000000075273000-memory.dmp

      Filesize

      4.4MB

      Download

    • memory/3940-0-0x0000000074E00000-0x0000000075273000-memory.dmp

      Filesize

      4.4MB

      Download