Resubmissions
26/06/2024, 19:13
240626-xw3v2syepc 7
Analysis
max time kernel: 94s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 26/06/2024, 19:13
Behavioral task
behavioral1
Sample
REALEcliptic_Build_4.0.5/ECLIPSE_4.0.5.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral2
Sample
REALEcliptic_Build_4.0.5/bin/drawUi.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
REALEcliptic_Build_4.0.5/bin/glew32.dll
Resource
win10v2004-20240508-en
General
Target: REALEcliptic_Build_4.0.5/bin/glew32.dll
Size: 324KB
MD5: 7399bc6fcbcfe81b6437d37d45d27e00
SHA1: 254ac4f5e56cd5ce14d31f824de7949b09597c78
SHA256: 1ea8aedc46418e08aeabcb91c16fb4a0ab669924dd0a6071d143f13cd932a022
SHA512: bfffdd518b1a7a4890762e38861db465e187dc197aa6b02f2644ac798e0e03e6f6b2543e24e92e3a16a82ee3d9f795ff12845caf174b2d1b5f6800d7ae1941ea
SSDEEP: 6144:GzLQ5Ht2YVVlGSAkApyg8YifaTzaOAz7Du:6Q5HkUVzH
Malware Config
Signatures
Program crash (1 IoCs)
pid    pid_target    Process         procid_target
4520   3464          WerFault.exe    80
Suspicious use of WriteProcessMemory (3 IoCs)
description                         pid    Process         procid_target
PID 4948 wrote to memory of 3464    4948   rundll32.exe    80
PID 4948 wrote to memory of 3464    4948   rundll32.exe    80
PID 4948 wrote to memory of 3464    4948   rundll32.exe    80
Processes
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\REALEcliptic_Build_4.0.5\bin\glew32.dll,#1
  PID: 4948
  - Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\REALEcliptic_Build_4.0.5\bin\glew32.dll,#1
      PID: 3464
        C:\Windows\SysWOW64\WerFault.exe
          Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 620
          PID: 4520
          - Program crash
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3464 -ip 3464
  PID: 4720