Overview

overview

7

Static

static

3

TVK.exe

windows7-x64

7

TVK.exe

windows10-2004-x64

7

//...ll.exe

windows7-x64

//...ll.exe

windows10-2004-x64

/Buffering.htm

windows7-x64

/Buffering.htm

windows10-2004-x64

/LoginTV.htm

windows7-x64

/LoginTV.htm

windows10-2004-x64

/WhatsNew.htm

windows7-x64

/WhatsNew.htm

windows10-2004-x64

/config.dll

windows7-x64

/config.dll

windows10-2004-x64

/mobilefee.htm

windows7-x64

/mobilefee.htm

windows10-2004-x64

/setup.exe

windows7-x64

/setup.exe

windows10-2004-x64

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$TEMP/modules/$R0.dll

windows7-x64

6

$TEMP/modules/$R0.dll

windows10-2004-x64

6

$TEMP/modu...dr.dll

windows7-x64

6

$TEMP/modu...dr.dll

windows10-2004-x64

6

$TEMP/modu...xr.dll

windows7-x64

7

$TEMP/modu...xr.dll

windows10-2004-x64

7

$TEMP/modu...xr.exe

windows7-x64

1

$TEMP/modu...xr.exe

windows10-2004-x64

1

$TEMP/modu...ll.exe

windows7-x64

1

$TEMP/modu...ll.exe

windows10-2004-x64

1

$TEMP/modu...gn.dll

windows7-x64

1

$TEMP/modu...gn.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 13:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/System.dll

  • Size

    10KB

  • MD5

    0bbcbaee7b703ebd55cd8658a0e8dcd3

  • SHA1

    6ed448b8b67cea36eb45bfbc67fed9a6da9623e4

  • SHA256

    e67277ecc4f6c7beb3c7e586ce508677269db056c7541eacfecf6c719f559da6

  • SHA512

    604c524bd00313f6411cc9878d5c9a1db77588049feeb5bb02c971df44f8becbd18d251cc20e551b878173eb2a78be61f31352769597c6334cffc0bc2326b008

  • SSDEEP

    192:WO6dJA/ruAFEiUdWWE6hE5RYUdJfbub1azgMO:TKAFERdlxhGRYUzqZaz

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4880
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
      2⤵
        PID:3020
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 612
          3⤵
          • Program crash
          PID:4092
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3020 -ip 3020
      1⤵
        PID:1972

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads