Overview

overview

8

Static

static

3

VAG-K_CAN_...st.exe

windows7-x64

4

VAG-K_CAN_...st.exe

windows10-2004-x64

4

VAG-K_CAN_...UI.dll

windows7-x64

1

VAG-K_CAN_...UI.dll

windows10-2004-x64

3

VAG-K_CAN_...XX.dll

windows7-x64

1

VAG-K_CAN_...XX.dll

windows10-2004-x64

1

VAG-K_CAN_...US.sys

windows7-x64

1

VAG-K_CAN_...US.sys

windows10-2004-x64

1

VAG-K_CAN_...IN.exe

windows7-x64

1

VAG-K_CAN_...IN.exe

windows10-2004-x64

1

VAG-K_CAN_...ng.dll

windows7-x64

1

VAG-K_CAN_...ng.dll

windows10-2004-x64

1

VAG-K_CAN_...co.dll

windows7-x64

1

VAG-K_CAN_...co.dll

windows10-2004-x64

1

VAG-K_CAN_...2k.sys

windows7-x64

1

VAG-K_CAN_...2k.sys

windows10-2004-x64

1

VAG-K_CAN_...i2.dll

windows7-x64

1

VAG-K_CAN_...i2.dll

windows10-2004-x64

1

VAG-K_CAN_...up.dll

windows7-x64

8

VAG-K_CAN_...up.dll

windows10-2004-x64

8

VAG-K_CAN_...er.exe

windows7-x64

8

VAG-K_CAN_...er.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 02:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    VAG-K_CAN_Commander_1[X].4/CDM_Setup/ftserui2.dll

  • Size

    32KB

  • MD5

    1452ce75a9ac31d29d552f3bcd62e64e

  • SHA1

    9c55824bd4f8bd46d05388b017113201de6f5a1d

  • SHA256

    e49ba33c49c921322c807d0ef21815cff0af3fc32c269c9f4cf32d57705b9c62

  • SHA512

    36d64f5250d167722cbf69f6259d87d04067ff3a779f7a4d8686a8566d7373e824a51933378d3dfca65cb341e6a096d9758c64cc17ceaafed4c7a6a870c19161

  • SSDEEP

    384:1bL6rJ9kE/hXnlsg8DiIYX8gJtckZqUS6lrdeOW9OqN9PWyWCtoxsQwM48KQYdMh:IPXegUix/plAX1W9fohXJ2/r2+

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\VAG-K_CAN_Commander_1[X].4\CDM_Setup\ftserui2.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4092
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\VAG-K_CAN_Commander_1[X].4\CDM_Setup\ftserui2.dll,#1
      2⤵
        PID:3032

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads