Overview

overview

7

Static

static

3

69014a6542...18.exe

windows7-x64

7

69014a6542...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...jq.dll

windows7-x64

3

$PLUGINSDI...jq.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    22-05-2024 23:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/enjrqjq.dll

  • Size

    166KB

  • MD5

    ce2f5ffc71b5a35226f07eb682ba5dd3

  • SHA1

    dfa1509cccf6e9888b303390280de472133f7624

  • SHA256

    64f78a164b05e72224bcc0335e85aa7761fdaa88e13152318b12540218b0c57a

  • SHA512

    e81fd262d1650b97f340311740e26d00d07c73704341701e3a306411a2eb490c534925e540660101c789d4c06cb21f18fe8763e244884ec0f2b3e5b7e9f199c0

  • SSDEEP

    3072:Gx/uQ61kgMqaVJ/GnurFsNMrdSfj2+TU9slaLC:G/uQ6CgwOur3dS72Ve

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\enjrqjq.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2180
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\enjrqjq.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2380
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 220
        3⤵
        • Program crash
        PID:2372

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads