Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    22-06-2024 13:00

General

  • Target

    NsPlugin.dll

  • Size

    5KB

  • MD5

    4e442e6c28c068c8f2ab1634d9674207

  • SHA1

    9ea7a8f333ab0c0ba092a779d637204b05ddc75b

  • SHA256

    96117692ef2ffd29251d0c9240cd671dac87a331c617864c327ecb5b4af9e4da

  • SHA512

    7657f90ceb2a07906fa45534de1c15c1f25d0e99fe941767badbf308f01c996a44ff237fac5418124e6bf3bc2e0166be9f7f742f2f9c10bbeed7338450d7315a

  • SSDEEP

    48:qNnbBCONSw0aPfVvDVgzI+tpuOt9Ot9wClVfiff3YyBL9wvF:snbcONR3re1tpuwwwCMf3rL9O

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request (1 IoC)
  • Suspicious behavior: LoadsDriver (1 IoC)
  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsPlugin.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsPlugin.dll,#1
      • Blocklisted process makes network request
      PID:2136

Network

MITRE ATT&CK Matrix

Downloads

  • memory/2136-0-0x0000000000190000-0x00000000001AB000-memory.dmp

    Filesize

    108KB

  • memory/2136-1-0x00000000001B0000-0x00000000001C0000-memory.dmp

    Filesize

    64KB