Analysis
max time kernel: 117s
max time network: 119s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 10-07-2024 10:02
Static task: static1

Behavioral task: behavioral1
  Sample: c605bbb80497f649c14f03846249dbe6c72ac434ec1e1ef9292e80f1d92b832b.exe
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: c605bbb80497f649c14f03846249dbe6c72ac434ec1e1ef9292e80f1d92b832b.exe
  Resource: win10v2004-20240709-en

Behavioral task: behavioral3
  Sample: $PLUGINSDIR/System.dll
  Resource: win7-20240705-en

Behavioral task: behavioral4
  Sample: $PLUGINSDIR/System.dll
  Resource: win10v2004-20240709-en

Behavioral task: behavioral5
  Sample: $PLUGINSDIR/nsExec.dll
  Resource: win7-20240704-en

Behavioral task: behavioral6
  Sample: $PLUGINSDIR/nsExec.dll
  Resource: win10v2004-20240709-en
General
Target: $PLUGINSDIR/nsExec.dll
Size: 6KB
MD5: fdee755c4987e9859e0eec130ee22efd
SHA1: ba32823881a98da6b92eee1d866be2b3a20c6e5d
SHA256: e18984e78d58b2383f2c1e8ed0000088ee8d9d469345383618f179176fcddff6
SHA512: 31ba3dad22fd9b78ab3f6017c4373c923d048cf0c010900a131c4533ef185d408a88052aa4cf6184dbe484d44aab9cfa94a052185cf0b9ad19286ed921e4723f
SSDEEP: 96:ft4Vl/7Lo1UBrob9ljNEUgD7cyuM1x9XkraK2A2KAB5VVDyssKZ:ft4Vlw1Iul5J8T1vK20I5VVGsb
Malware Config
Signatures
Program crash (1 IoCs)
  Processes:
  pid   pid_target  process       target process
  2316  2260        WerFault.exe  rundll32.exe

Suspicious use of WriteProcessMemory (11 IoCs)
  Processes:
  description                        pid   process       target process
  PID 2252 wrote to memory of 2260   2252  rundll32.exe  rundll32.exe
  PID 2252 wrote to memory of 2260   2252  rundll32.exe  rundll32.exe
  PID 2252 wrote to memory of 2260   2252  rundll32.exe  rundll32.exe
  PID 2252 wrote to memory of 2260   2252  rundll32.exe  rundll32.exe
  PID 2252 wrote to memory of 2260   2252  rundll32.exe  rundll32.exe
  PID 2252 wrote to memory of 2260   2252  rundll32.exe  rundll32.exe
  PID 2252 wrote to memory of 2260   2252  rundll32.exe  rundll32.exe
  PID 2260 wrote to memory of 2316   2260  rundll32.exe  WerFault.exe
  PID 2260 wrote to memory of 2316   2260  rundll32.exe  WerFault.exe
  PID 2260 wrote to memory of 2316   2260  rundll32.exe  WerFault.exe
  PID 2260 wrote to memory of 2316   2260  rundll32.exe  WerFault.exe
Processes (process tree; each indented entry is a child of the one above)
C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 2252
  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#1
    - Suspicious use of WriteProcessMemory
    PID: 2260
    C:\Windows\SysWOW64\WerFault.exe
      Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 220
      - Program crash
      PID: 2316