Overview
overview
3Static
static
3x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
3x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
3x86/api-ms...-0.dll
windows10-2004-x64
3x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
3x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/api-ms...-0.dll
windows10-2004-x64
1x86/dbghelp.dll
windows7-x64
1x86/dbghelp.dll
windows10-2004-x64
1x86/embedd...xy.dll
windows7-x64
1x86/embedd...xy.dll
windows10-2004-x64
1x86/encoder.dll
windows7-x64
1x86/encoder.dll
windows10-2004-x64
1x86/expatai.dll
windows7-x64
3x86/expatai.dll
windows10-2004-x64
3x86/gameratings.dll
windows7-x64
1x86/gameratings.dll
windows10-2004-x64
1x86/msvcp140.dll
windows7-x64
3x86/msvcp140.dll
windows10-2004-x64
3x86/msvcp140_app.dll
windows7-x64
3x86/msvcp140_app.dll
windows10-2004-x64
3x86/regist...32.dll
windows7-x64
1x86/regist...32.dll
windows10-2004-x64
1Analysis
-
max time kernel
117s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
12/05/2024, 11:09
Static task
static1
Behavioral task
behavioral1
Sample
x86/api-ms-win-core-util-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral2
Sample
x86/api-ms-win-crt-conio-l1-1-0.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
x86/api-ms-win-crt-convert-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral4
Sample
x86/api-ms-win-crt-environment-l1-1-0.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
x86/api-ms-win-crt-filesystem-l1-1-0.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral6
Sample
x86/api-ms-win-crt-heap-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral7
Sample
x86/api-ms-win-crt-locale-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral8
Sample
x86/api-ms-win-crt-math-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral9
Sample
x86/api-ms-win-crt-multibyte-l1-1-0.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral10
Sample
x86/api-ms-win-crt-private-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral11
Sample
x86/api-ms-win-crt-process-l1-1-0.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral12
Sample
x86/api-ms-win-crt-runtime-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral13
Sample
x86/api-ms-win-crt-stdio-l1-1-0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral14
Sample
x86/api-ms-win-crt-string-l1-1-0.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral15
Sample
x86/api-ms-win-crt-time-l1-1-0.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral16
Sample
x86/api-ms-win-crt-utility-l1-1-0.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral17
Sample
x86/dbghelp.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral18
Sample
x86/dbghelp.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral19
Sample
x86/embeddeduiproxy.dll
Resource
win7-20240220-en
windows7-x64
Behavioral task
behavioral20
Sample
x86/embeddeduiproxy.dll
Resource
win10v2004-20240426-en
windows10-2004-x64
Behavioral task
behavioral21
Sample
x86/encoder.dll
Resource
win7-20231129-en
windows7-x64
Behavioral task
behavioral22
Sample
x86/encoder.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral23
Sample
x86/expatai.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral24
Sample
x86/expatai.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral25
Sample
x86/gameratings.dll
Resource
win7-20240508-en
windows7-x64
Behavioral task
behavioral26
Sample
x86/gameratings.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral27
Sample
x86/msvcp140.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral28
Sample
x86/msvcp140.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
Behavioral task
behavioral29
Sample
x86/msvcp140_app.dll
Resource
win7-20240221-en
windows7-x64
Behavioral task
behavioral30
Sample
x86/msvcp140_app.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
Behavioral task
behavioral31
Sample
x86/registryTracer32.dll
Resource
win7-20240419-en
windows7-x64
Behavioral task
behavioral32
Sample
x86/registryTracer32.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
General
-
Target
x86/msvcp140_app.dll
-
Size
247KB
-
MD5
f8aeec14b6e8c215de0b571a5c41a4e6
-
SHA1
10647106c1e6b3dc9fde41016a3f72f6a3a1434c
-
SHA256
36dec0fdd6920d9a5a62ab85e619e15cab4119dbf89606dba66ea8fb2aed63c6
-
SHA512
136b0a3bcfc08296081a640da8e0cd4735e6ddcb199e97f3537ab219133d1c1a643132a48f61fc809e12588e231d09dff31b2fa1c25f50bb18c1f141a0a78c07
-
SSDEEP
6144:mf940Jf3hfUag4iGWy6kQgRr7Htp5FfxYt3OOMoocI8FrhHskeC62yexB86:mFTJf3hfUag4iGWy6kQgRr7Htp5FfxYy
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 2052 2144 WerFault.exe 28 -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 1252 wrote to memory of 2144 1252 rundll32.exe 28 PID 1252 wrote to memory of 2144 1252 rundll32.exe 28 PID 1252 wrote to memory of 2144 1252 rundll32.exe 28 PID 1252 wrote to memory of 2144 1252 rundll32.exe 28 PID 1252 wrote to memory of 2144 1252 rundll32.exe 28 PID 1252 wrote to memory of 2144 1252 rundll32.exe 28 PID 1252 wrote to memory of 2144 1252 rundll32.exe 28 PID 2144 wrote to memory of 2052 2144 rundll32.exe 29 PID 2144 wrote to memory of 2052 2144 rundll32.exe 29 PID 2144 wrote to memory of 2052 2144 rundll32.exe 29 PID 2144 wrote to memory of 2052 2144 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\msvcp140_app.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1252 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\msvcp140_app.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:2144 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 2243⤵
- Program crash
PID:2052
-
-