Analysis

  • max time kernel
    144s
  • max time network
    149s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
  • submitted
    22-06-2024 13:00

General

  • Target

    NsPlugin.dll

  • Size

    5KB

  • MD5

    4e442e6c28c068c8f2ab1634d9674207

  • SHA1

    9ea7a8f333ab0c0ba092a779d637204b05ddc75b

  • SHA256

    96117692ef2ffd29251d0c9240cd671dac87a331c617864c327ecb5b4af9e4da

  • SHA512

    7657f90ceb2a07906fa45534de1c15c1f25d0e99fe941767badbf308f01c996a44ff237fac5418124e6bf3bc2e0166be9f7f742f2f9c10bbeed7338450d7315a

  • SSDEEP

    48:qNnbBCONSw0aPfVvDVgzI+tpuOt9Ot9wClVfiff3YyBL9wvF:snbcONR3re1tpuwwwCMf3rL9O

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsPlugin.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4668
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsPlugin.dll,#1
      2⤵
        PID:408

    Network

    MITRE ATT&CK Matrix

    Downloads

    • memory/408-0-0x0000000001510000-0x000000000152B000-memory.dmp

      Filesize

      108KB

    • memory/408-1-0x0000000001410000-0x0000000001420000-memory.dmp

      Filesize

      64KB