Overview

overview

7

Static

static

7

23a655e8a2...18.exe

windows7-x64

7

23a655e8a2...18.exe

windows10-2004-x64

7

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDIR/inetc.dll

windows7-x64

3

$PLUGINSDIR/inetc.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

7

$PLUGINSDI...ll.dll

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...om.dll

windows7-x64

7

$PLUGINSDI...om.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
  • submitted
    03/07/2024, 22:25 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/nsRandom.dll

  • Size

    21KB

  • MD5

    ab467b8dfaa660a0f0e5b26e28af5735

  • SHA1

    596abd2c31eaff3479edf2069db1c155b59ce74d

  • SHA256

    db267d9920395b4badc48de04df99dfd21d579480d103cae0f48e6578197ff73

  • SHA512

    7d002dc203997b8a4d8ec20c92cd82848e29d746414f4a61265c76d4afb12c05bce826fc63f4d2bd3d527f38506c391855767d864c37584df11b5db9ca008301

  • SSDEEP

    384:LCHDPMs4GdtyO5roguusMxUXiO3wOw95euooP2UgKbd9BvNtf:LCHD6Gh87MKXil/5r2U3z

Score
7/10
upx

Malware Config

Signatures

  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsRandom.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsRandom.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2200
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 228
        3⤵
        • Program crash
        PID:1912

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2200-0-0x0000000000120000-0x0000000000132000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2200-3-0x00000000001C0000-0x00000000001D2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2200-2-0x0000000000120000-0x0000000000132000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2200-1-0x0000000000120000-0x0000000000132000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2200-6-0x0000000000120000-0x0000000000132000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2200-8-0x0000000000120000-0x0000000000132000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2200-7-0x0000000000120000-0x0000000000132000-memory.dmp

    Filesize

    72KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.