Analysis
-
max time kernel
94s -
max time network
96s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
10-07-2024 20:25
Static task
static1
Behavioral task
behavioral1
Sample
82e683f521d395ceabb0703c0e2de95c5c8886aed811da565bb8c03436452d3e.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
82e683f521d395ceabb0703c0e2de95c5c8886aed811da565bb8c03436452d3e.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240705-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/nsExec.dll
Resource
win7-20240704-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/nsExec.dll
Resource
win10v2004-20240709-en
General
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
6KB
-
MD5
fdee755c4987e9859e0eec130ee22efd
-
SHA1
ba32823881a98da6b92eee1d866be2b3a20c6e5d
-
SHA256
e18984e78d58b2383f2c1e8ed0000088ee8d9d469345383618f179176fcddff6
-
SHA512
31ba3dad22fd9b78ab3f6017c4373c923d048cf0c010900a131c4533ef185d408a88052aa4cf6184dbe484d44aab9cfa94a052185cf0b9ad19286ed921e4723f
-
SSDEEP
96:ft4Vl/7Lo1UBrob9ljNEUgD7cyuM1x9XkraK2A2KAB5VVDyssKZ:ft4Vlw1Iul5J8T1vK20I5VVGsb
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target process target process 4236 3816 WerFault.exe rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 4024 wrote to memory of 3816 4024 rundll32.exe rundll32.exe PID 4024 wrote to memory of 3816 4024 rundll32.exe rundll32.exe PID 4024 wrote to memory of 3816 4024 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4024 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#12⤵PID:3816
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 6123⤵
- Program crash
PID:4236
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3816 -ip 38161⤵PID:2196