Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240221-es
  • resource tags

    arch:x64 arch:x86 image:win7-20240221-es locale:es-es os:windows7-x64 system windows
  • submitted
    20-05-2024 19:34

General

  • Target

    $PLUGINSDIR/nsArray.dll

  • Size

    12KB

  • MD5

    da4bc09439ed21faf7620a53433aac92

  • SHA1

    94e3347aebe16cb88b9f29f00134d9e0fb67e508

  • SHA256

    216d68d3f0b37bb2203b3a438a84a089e8c388608f46377ad7e7d6a2709cf9b0

  • SHA512

    920294456e8fee0c4137e4b4ba1389f09ade297d6ed49d78a9593d129dbb5eb048da2cbff7ac29687999991d5f38657cb31af73e2ccf6b8b9ce29480d4d81ec6

  • SSDEEP

    192:LULA8tZt1pehCUVFpZ/XXz5F8qioPYtS/Z8i4NVhWp1h2ph30R:gLAe1peEUD/X1F8qiAFLhOh

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsArray.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2424
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsArray.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1688
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 220
        3⤵
        • Program crash
        PID:908

Network

MITRE ATT&CK Matrix
