Overview
overview
7Static
static
3iLovePDF D...er.exe
windows7-x64
7iLovePDF D...er.exe
windows10-2004-x64
7$PLUGINSDI...to.dll
windows7-x64
3$PLUGINSDI...to.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDIR/INetC.dll
windows7-x64
3$PLUGINSDIR/INetC.dll
windows10-2004-x64
3$PLUGINSDI...ns.dll
windows7-x64
3$PLUGINSDI...ns.dll
windows10-2004-x64
3$PLUGINSDI...te.dll
windows7-x64
3$PLUGINSDI...te.dll
windows10-2004-x64
3$PLUGINSDI...st.dll
windows7-x64
3$PLUGINSDI...st.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...er.dll
windows7-x64
3$PLUGINSDI...er.dll
windows10-2004-x64
3$PLUGINSDI...al.ini
windows7-x64
1$PLUGINSDI...al.ini
windows10-2004-x64
1$PLUGINSDI...e.html
windows7-x64
1$PLUGINSDI...e.html
windows10-2004-x64
1$PLUGINSDI...er.bmp
windows7-x64
3$PLUGINSDI...er.bmp
windows10-2004-x64
7$PLUGINSDI...rd.bmp
windows7-x64
3$PLUGINSDI...rd.bmp
windows10-2004-x64
7$PLUGINSDI...ay.dll
windows7-x64
3$PLUGINSDI...ay.dll
windows10-2004-x64
3$PLUGINSDI...gs.dll
windows7-x64
3$PLUGINSDI...gs.dll
windows10-2004-x64
3Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-es -
resource tags
arch:x64arch:x86image:win7-20240221-eslocale:es-esos:windows7-x64systemwindows -
submitted
20-05-2024 19:34
Static task
static1
Behavioral task
behavioral1
Sample
iLovePDF Desktop Installer.exe
Resource
win7-20240221-es
Behavioral task
behavioral2
Sample
iLovePDF Desktop Installer.exe
Resource
win10v2004-20240508-es
Behavioral task
behavioral3
Sample
$PLUGINSDIR/Crypto.dll
Resource
win7-20240220-es
Behavioral task
behavioral4
Sample
$PLUGINSDIR/Crypto.dll
Resource
win10v2004-20240508-es
Behavioral task
behavioral5
Sample
$PLUGINSDIR/Dialer.dll
Resource
win7-20240419-es
Behavioral task
behavioral6
Sample
$PLUGINSDIR/Dialer.dll
Resource
win10v2004-20240426-es
Behavioral task
behavioral7
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240508-es
Behavioral task
behavioral8
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240508-es
Behavioral task
behavioral9
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win7-20240221-es
Behavioral task
behavioral10
Sample
$PLUGINSDIR/InstallOptions.dll
Resource
win10v2004-20240426-es
Behavioral task
behavioral11
Sample
$PLUGINSDIR/Locate.dll
Resource
win7-20240221-es
Behavioral task
behavioral12
Sample
$PLUGINSDIR/Locate.dll
Resource
win10v2004-20240508-es
Behavioral task
behavioral13
Sample
$PLUGINSDIR/LockedList.dll
Resource
win7-20240221-es
Behavioral task
behavioral14
Sample
$PLUGINSDIR/LockedList.dll
Resource
win10v2004-20240508-es
Behavioral task
behavioral15
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win7-20240508-es
Behavioral task
behavioral16
Sample
$PLUGINSDIR/ShellExecAsUser.dll
Resource
win10v2004-20240508-es
Behavioral task
behavioral17
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240220-es
Behavioral task
behavioral18
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-es
Behavioral task
behavioral19
Sample
$PLUGINSDIR/ThreadTimer.dll
Resource
win7-20240221-es
Behavioral task
behavioral20
Sample
$PLUGINSDIR/ThreadTimer.dll
Resource
win10v2004-20240426-es
Behavioral task
behavioral21
Sample
$PLUGINSDIR/ioSpecial.ini
Resource
win7-20240508-es
Behavioral task
behavioral22
Sample
$PLUGINSDIR/ioSpecial.ini
Resource
win10v2004-20240426-es
Behavioral task
behavioral23
Sample
$PLUGINSDIR/license.html
Resource
win7-20240221-es
Behavioral task
behavioral24
Sample
$PLUGINSDIR/license.html
Resource
win10v2004-20240508-es
Behavioral task
behavioral25
Sample
$PLUGINSDIR/modern-header.bmp
Resource
win7-20240221-es
Behavioral task
behavioral26
Sample
$PLUGINSDIR/modern-header.bmp
Resource
win10v2004-20240508-es
Behavioral task
behavioral27
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win7-20240419-es
Behavioral task
behavioral28
Sample
$PLUGINSDIR/modern-wizard.bmp
Resource
win10v2004-20240508-es
Behavioral task
behavioral29
Sample
$PLUGINSDIR/nsArray.dll
Resource
win7-20240221-es
Behavioral task
behavioral30
Sample
$PLUGINSDIR/nsArray.dll
Resource
win10v2004-20240426-es
Behavioral task
behavioral31
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win7-20240508-es
Behavioral task
behavioral32
Sample
$PLUGINSDIR/nsDialogs.dll
Resource
win10v2004-20240426-es
General
-
Target
$PLUGINSDIR/nsArray.dll
-
Size
12KB
-
MD5
da4bc09439ed21faf7620a53433aac92
-
SHA1
94e3347aebe16cb88b9f29f00134d9e0fb67e508
-
SHA256
216d68d3f0b37bb2203b3a438a84a089e8c388608f46377ad7e7d6a2709cf9b0
-
SHA512
920294456e8fee0c4137e4b4ba1389f09ade297d6ed49d78a9593d129dbb5eb048da2cbff7ac29687999991d5f38657cb31af73e2ccf6b8b9ce29480d4d81ec6
-
SSDEEP
192:LULA8tZt1pehCUVFpZ/XXz5F8qioPYtS/Z8i4NVhWp1h2ph30R:gLAe1peEUD/X1F8qiAFLhOh
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 908 1688 WerFault.exe 28 -
Suspicious use of WriteProcessMemory 11 IoCs
description pid Process procid_target PID 2424 wrote to memory of 1688 2424 rundll32.exe 28 PID 2424 wrote to memory of 1688 2424 rundll32.exe 28 PID 2424 wrote to memory of 1688 2424 rundll32.exe 28 PID 2424 wrote to memory of 1688 2424 rundll32.exe 28 PID 2424 wrote to memory of 1688 2424 rundll32.exe 28 PID 2424 wrote to memory of 1688 2424 rundll32.exe 28 PID 2424 wrote to memory of 1688 2424 rundll32.exe 28 PID 1688 wrote to memory of 908 1688 rundll32.exe 29 PID 1688 wrote to memory of 908 1688 rundll32.exe 29 PID 1688 wrote to memory of 908 1688 rundll32.exe 29 PID 1688 wrote to memory of 908 1688 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsArray.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2424 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsArray.dll,#12⤵
- Suspicious use of WriteProcessMemory
PID:1688 -
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 2203⤵
- Program crash
PID:908
-
-