Overview
overview
10Static
static
4TeraBox_sl....1.exe
windows7-x64
10TeraBox_sl....1.exe
windows10-2004-x64
4$PLUGINSDI...UI.dll
windows7-x64
3$PLUGINSDI...UI.dll
windows10-2004-x64
3$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3$PLUGINSDI...sW.dll
windows7-x64
3$PLUGINSDI...sW.dll
windows10-2004-x64
3$TEMP/kernel.dll
windows7-x64
1$TEMP/kernel.dll
windows10-2004-x64
1AppUtil.dll
windows7-x64
1AppUtil.dll
windows10-2004-x64
1AutoUpdate...il.dll
windows7-x64
3AutoUpdate...il.dll
windows10-2004-x64
3AutoUpdate...te.exe
windows7-x64
1AutoUpdate...te.exe
windows10-2004-x64
1BugReport.exe
windows7-x64
3BugReport.exe
windows10-2004-x64
5Bull140U.dll
windows7-x64
1Bull140U.dll
windows10-2004-x64
1ChromeNati...st.exe
windows7-x64
1ChromeNati...st.exe
windows10-2004-x64
1HelpUtility.exe
windows7-x64
1HelpUtility.exe
windows10-2004-x64
1TeraBox.exe
windows7-x64
5TeraBox.exe
windows10-2004-x64
TeraBoxHost.exe
windows7-x64
1TeraBoxHost.exe
windows10-2004-x64
1TeraBoxRender.exe
windows7-x64
1TeraBoxRender.exe
windows10-2004-x64
1TeraBoxWebService.exe
windows7-x64
1TeraBoxWebService.exe
windows10-2004-x64
1Analysis
-
max time kernel
90s -
max time network
156s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system -
submitted
10-07-2024 21:01
Behavioral task
behavioral1
Sample
TeraBox_sl_b_1.31.0.1.exe
Resource
win7-20240705-en
Behavioral task
behavioral2
Sample
TeraBox_sl_b_1.31.0.1.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/NsisInstallUI.dll
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/NsisInstallUI.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral5
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
Behavioral task
behavioral6
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral7
Sample
$PLUGINSDIR/nsProcessW.dll
Resource
win7-20240704-en
Behavioral task
behavioral8
Sample
$PLUGINSDIR/nsProcessW.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral9
Sample
$TEMP/kernel.dll
Resource
win7-20240705-en
Behavioral task
behavioral10
Sample
$TEMP/kernel.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral11
Sample
AppUtil.dll
Resource
win7-20240704-en
Behavioral task
behavioral12
Sample
AppUtil.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral13
Sample
AutoUpdate/AutoUpdateUtil.dll
Resource
win7-20240708-en
Behavioral task
behavioral14
Sample
AutoUpdate/AutoUpdateUtil.dll
Resource
win10v2004-20240709-en
Behavioral task
behavioral15
Sample
AutoUpdate/Autoupdate.exe
Resource
win7-20240708-en
Behavioral task
behavioral16
Sample
AutoUpdate/Autoupdate.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral17
Sample
BugReport.exe
Resource
win7-20240708-en
Behavioral task
behavioral18
Sample
BugReport.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral19
Sample
Bull140U.dll
Resource
win7-20240705-en
Behavioral task
behavioral20
Sample
Bull140U.dll
Resource
win10v2004-20240704-en
Behavioral task
behavioral21
Sample
ChromeNativeMessagingHost.exe
Resource
win7-20240705-en
Behavioral task
behavioral22
Sample
ChromeNativeMessagingHost.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral23
Sample
HelpUtility.exe
Resource
win7-20240704-en
Behavioral task
behavioral24
Sample
HelpUtility.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral25
Sample
TeraBox.exe
Resource
win7-20240705-en
Behavioral task
behavioral26
Sample
TeraBox.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral27
Sample
TeraBoxHost.exe
Resource
win7-20240704-en
Behavioral task
behavioral28
Sample
TeraBoxHost.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral29
Sample
TeraBoxRender.exe
Resource
win7-20240704-en
Behavioral task
behavioral30
Sample
TeraBoxRender.exe
Resource
win10v2004-20240709-en
Behavioral task
behavioral31
Sample
TeraBoxWebService.exe
Resource
win7-20240704-en
Behavioral task
behavioral32
Sample
TeraBoxWebService.exe
Resource
win10v2004-20240709-en
General
-
Target
AutoUpdate/AutoUpdateUtil.dll
-
Size
198KB
-
MD5
1e751e9ac7a6905d2f1b2860cc7d37a7
-
SHA1
6e7171f68a1c432a512cae3901d35faad550ca0e
-
SHA256
9b95b90e36e4f7bf257e56fadf6f7630fa70696c072f7b8d6de05eab87e0674e
-
SHA512
f54af4149c1d24f05fdb3c1d8b48f31444763e7c4effdcd9013c8c90a8aa7fa4531b00d5ee1b3f08fcfbebcd06aaf8aa318c40943a59e611d5c24435a0562034
-
SSDEEP
3072:3Oq3B8kyfQQC2mC2gbvCsGowP96rH0Vu3b1vJ4gMdyJVj+G3O1fnAtZY:eq3BJ4vCCa9VgxR+GGvAK
Malware Config
Signatures
-
Program crash 1 IoCs
Processes:
WerFault.exepid pid_target Process procid_target 2716 3192 WerFault.exe 84 -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid Process procid_target PID 432 wrote to memory of 3192 432 rundll32.exe 84 PID 432 wrote to memory of 3192 432 rundll32.exe 84 PID 432 wrote to memory of 3192 432 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\AutoUpdate\AutoUpdateUtil.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:432 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\AutoUpdate\AutoUpdateUtil.dll,#12⤵PID:3192
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 6123⤵
- Program crash
PID:2716
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3192 -ip 31921⤵PID:4512