Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-05-2024 01:47

General

  • Target

    $PLUGINSDIR/ghakrye.dll

  • Size

    160KB

  • MD5

    c0cb5bbe90877b5e8a92354af4ffbf8d

  • SHA1

    bda41b0cfed8bc96d0f185bef15fd37b810f3d32

  • SHA256

    b70dfaa63f76670b9c62d26278b59d75a307c0e3def0edb76829c6fa03df8584

  • SHA512

    51482bbc38a8cbeb42f8d2a1c0129b3f5cb98b54b9d9f3c52db7e617ef2d6c1059094e4e816c36dda50b95c95edd5f8494ae217f43198256a352265ea81ecc6f

  • SSDEEP

    3072:nASYZe7keW19zBE+7EH0KH+smdqDUjOoo7d:nASdqEH0gDoo7

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ghakrye.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2928
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\ghakrye.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2980
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 220
        3⤵
        • Program crash
        PID:1296

Network

MITRE ATT&CK Matrix
