Overview

overview

10

Static

static

3

RoweHack/Lunar.dll

windows10-2004-x64

1

RoweHack/Oni.exe

windows10-2004-x64

1

RoweHack/RoweHack.exe

windows10-2004-x64

10

RoweHack/b...47.dll

windows10-2004-x64

3

RoweHack/b...40.dll

windows10-2004-x64

1

RoweHack/bin/onih.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 18:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    RoweHack/bin/d3dcompiler_47.dll

  • Size

    3.5MB

  • MD5

    6bc4ada9a7cab72f49c564e6c86b4c3e

  • SHA1

    f0fba01542a0fbe585106f7efd884df65e8c89dc

  • SHA256

    7d0d1290382ea0e44a3178446a0c202696237e27dbb5f8f0827691092b8f2228

  • SHA512

    d7ec39514c104b40a42cd3ca956ba84f5a78f237a39f40d85ba54983145bce2dfbc7ec5e0cbc1bf8ab64d1d370371a7cba5e30202d2c1f37782db32486ed7f6e

  • SSDEEP

    49152:nqr33AJsOB8SLXId6mEjWEmNZMKRMbDhQc6555Rqp28ITdGS90tQhveWja37PLE3:nyUa6PcMbWD86dGZR

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\RoweHack\bin\d3dcompiler_47.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:740
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\RoweHack\bin\d3dcompiler_47.dll,#1
      2⤵
        PID:4136
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 612
          3⤵
          • Program crash
          PID:4248
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4136 -ip 4136
      1⤵
        PID:5020

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads