Overview

overview

8

Static

static

7

v2_builds_...er.exe

windows10-2004-x64

8

v2_builds_...er.exe

windows11-21h2-x64

8

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...ns.dll

windows11-21h2-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows11-21h2-x64

3

$PLUGINSDI...up.exe

windows10-2004-x64

8

$PLUGINSDI...up.exe

windows11-21h2-x64

8

QuiverPhotos.exe

windows10-2004-x64

8

QuiverPhotos.exe

windows11-21h2-x64

8

Resubmissions

09-07-2024 21:40

240709-1jl9bayglb 8

09-07-2024 21:37

240709-1gr2saxclm 8

Analysis

  • max time kernel
    1s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240709-en
  • resource tags

    arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    09-07-2024 21:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/InstallOptions.dll

  • Size

    32KB

  • MD5

    1f24c9859dd6639d0c752d7b96a2442d

  • SHA1

    7014f711d1d06cdc3d5bae678aad29e8b9ebcfd2

  • SHA256

    657672be6ea8a72fb4765074cfda019fb8fa4eacb3238a416c186f53919d7cf4

  • SHA512

    7a488b27031e76873623142e66355d45a2bcd13d0fe235b93db1f92bb5c6658c4b689131672cacdad7b5a3204fca3fdbe020066f442b3a0db17fcf85f3eabf96

  • SSDEEP

    384:PnpIqrPKteJM6zAzlq0BnPr681qrSYc/RHXCtk6tztN4Ykvdv7WbHwyx1I83cwTv:PpI8yU0tmC/hS3NfgvtQt28PEslxo

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\InstallOptions.dll,#1
      2⤵
        PID:4192
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 544
          3⤵
          • Program crash
          PID:4208
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 4192 -ip 4192
      1⤵
        PID:4784

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/4192-0-0x0000000075370000-0x0000000075384000-memory.dmp

        Filesize

        80KB

        Download