Overview

overview

8

Static

static

7

v2_builds_...er.exe

windows7-x64

3

v2_builds_...er.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...up.exe

windows7-x64

8

$PLUGINSDI...up.exe

windows10-2004-x64

8

QuiverPhotos.exe

windows7-x64

7

QuiverPhotos.exe

windows10-2004-x64

8

Resubmissions

09/07/2024, 21:40

240709-1jl9bayglb 8

09/07/2024, 21:37

240709-1gr2saxclm 8

Analysis

  • max time kernel
    140s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    09/07/2024, 21:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/InstallOptions.dll

  • Size

    32KB

  • MD5

    1f24c9859dd6639d0c752d7b96a2442d

  • SHA1

    7014f711d1d06cdc3d5bae678aad29e8b9ebcfd2

  • SHA256

    657672be6ea8a72fb4765074cfda019fb8fa4eacb3238a416c186f53919d7cf4

  • SHA512

    7a488b27031e76873623142e66355d45a2bcd13d0fe235b93db1f92bb5c6658c4b689131672cacdad7b5a3204fca3fdbe020066f442b3a0db17fcf85f3eabf96

  • SSDEEP

    384:PnpIqrPKteJM6zAzlq0BnPr681qrSYc/RHXCtk6tztN4Ykvdv7WbHwyx1I83cwTv:PpI8yU0tmC/hS3NfgvtQt28PEslxo

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1096
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2508
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        3⤵
        • Program crash
        PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2508-0-0x0000000075290000-0x00000000752A4000-memory.dmp

    Filesize

    80KB

    Download