Overview

overview

7

Static

static

7

dos.exe

windows7-x64

7

dos.exe

windows10-2004-x64

7

libeay32.dll

windows7-x64

7

libeay32.dll

windows10-2004-x64

7

ngdqsz.dll

windows7-x64

5

ngdqsz.dll

windows10-2004-x64

5

ssleay32.dll

windows7-x64

7

ssleay32.dll

windows10-2004-x64

7

Analysis

  • max time kernel
    91s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08/07/2024, 03:55

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    ngdqsz.dll

  • Size

    12.7MB

  • MD5

    a25fe3c1592007d0170684ec88e70389

  • SHA1

    c1fd6762c39e538d1fe2bdff383d949a138038e1

  • SHA256

    5b27ab076427abbdf3e9045bd06258cbe86ea7cb02192334b79ee1a2de7ea0ce

  • SHA512

    bac61f3df6ddfb6d00310f2cf24bf16941c74bc82a386a1ce842a4f6f1676800cc32a513239f2e20dfedf4b99d9dfe387d93a379fe875a01002679a528ee6bc3

  • SSDEEP

    393216:RO+/Q6SNgWGa/sqjXcsB9dJu3MnjDDAHg4:RO+/sDIi9dJdDDAH5

Score
5/10

Malware Config

Signatures

  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ngdqsz.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3380
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ngdqsz.dll,#1
      2⤵
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:1784
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 660
        3⤵
        • Program crash
        PID:4700
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1784 -ip 1784
    1⤵
      PID:1780

    Network

          MITRE ATT&CK Matrix

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • memory/1784-0-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1784-1-0x0000000073C25000-0x0000000074243000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/1784-3-0x0000000073760000-0x0000000074F31000-memory.dmp

            Filesize

            23.8MB

            Download

          • memory/1784-5-0x0000000073760000-0x0000000074F31000-memory.dmp

            Filesize

            23.8MB

            Download

          • memory/1784-6-0x0000000073C25000-0x0000000074243000-memory.dmp

            Filesize

            6.1MB

            Download

          • memory/1784-7-0x0000000073760000-0x0000000074F31000-memory.dmp

            Filesize

            23.8MB

            Download