Overview
Static (score 8)
NXYEdge.exe (windows10-2004-x64, score 3)
$PLUGINSDI...LL.dll (windows10-2004-x64, score 8)
$PLUGINSDI...em.dll (windows10-2004-x64, score 3)
$PLUGINSDI...er.dll (windows10-2004-x64, score 3)
$PLUGINSDI...gs.dll (windows10-2004-x64, score 3)
$PLUGINSDI...ec.dll (windows10-2004-x64, score 3)
$TEMP/certmgr.exe (windows10-2004-x64, score 3)
NXYEdgeInput.exe (windows10-2004-x64, score 1)
NXYEdgeService.exe (windows10-2004-x64, score 7)
NXYPassGuardX.exe (windows10-2004-x64, score 5)
certmgr.exe (windows10-2004-x64, score 1)
Analysis
max time kernel: 150s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20240709-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240709-en, locale:en-us, os:windows10-2004-x64, system
submitted: 16-07-2024 09:12
Static task: static1

Behavioral tasks (sample, resource):
behavioral1: NXYEdge.exe, win10v2004-20240709-en
behavioral2: $PLUGINSDIR/KillProcDLL.dll, win10v2004-20240709-en
behavioral3: $PLUGINSDIR/System.dll, win10v2004-20240709-en
behavioral4: $PLUGINSDIR/killer.dll, win10v2004-20240709-en
behavioral5: $PLUGINSDIR/nsDialogs.dll, win10v2004-20240709-en
behavioral6: $PLUGINSDIR/nsExec.dll, win10v2004-20240704-en
behavioral7: $TEMP/certmgr.exe, win10v2004-20240709-en
behavioral8: NXYEdgeInput.exe, win10v2004-20240709-en
behavioral9: NXYEdgeService.exe, win10v2004-20240709-en
behavioral10: NXYPassGuardX.exe, win10v2004-20240709-en
behavioral11: certmgr.exe, win10v2004-20240704-en
General
Target: $PLUGINSDIR/killer.dll
Size: 6KB
MD5: 16205cd992d3b3827573f93ab8923e4e
SHA1: 4eece7a206ee619264d686ca1b3021b9f482866b
SHA256: 967d66f23cf3d9d3e5a4d6a9c6e366e792a98cc8a293196095b10cd82da9a695
SHA512: 257b2047b8e9303457bb050a760b8d2577da55642e4fb02933e6188d0591ff8adfe0c8df2a441577466f23a8e3bff2e94e9cfcfc381c4d255935123996c06d6d
SSDEEP: 48:CRNdQ/SbTfx6gA6IMzLvM0Aoy3TYzyixX9o1TNRgPEgt/b82ebRuqSd7:mNGajxG+PWTwlSbpx
Malware Config
Signatures

Program crash (1 IoC)
pid   pid_target  Process       procid_target
2340  3828        WerFault.exe  83

Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process       procid_target
PID 2124 wrote to memory of 3828  2124  rundll32.exe  83
PID 2124 wrote to memory of 3828  2124  rundll32.exe  83
PID 2124 wrote to memory of 3828  2124  rundll32.exe  83
Processes

C:\Windows\system32\rundll32.exe (PID 2124)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\killer.dll,#1
  signatures: Suspicious use of WriteProcessMemory
    C:\Windows\SysWOW64\rundll32.exe (PID 3828)
      command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\killer.dll,#1
        C:\Windows\SysWOW64\WerFault.exe (PID 2340)
          command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 612
          signatures: Program crash

C:\Windows\SysWOW64\WerFault.exe (PID 4296)
  command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3828 -ip 3828
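Reading the two signatures against the process tree: the 64-bit rundll32.exe (PID 2124) starts the SysWOW64 rundll32.exe (PID 3828) with an identical command line, which is what rundll32 does when handed a 32-bit DLL (consistent with the arch:x86 resource tag), and every "wrote to memory" IoC is that parent writing into the child it just created. WerFault.exe is then launched with -p 3828, i.e. it is the 32-bit rundll32 that crashed. An NSIS plugin export called through rundll32 ordinal #1 receives rundll32's argument set rather than the installer's (hwndParent, string_size, variables, stacktop, extra_parameters), so a crash here says little about what the plugin does inside the installer. The script below, an added example that is not part of the report or of any sandbox tool, encodes that triage: it takes the tree and IoC rows above as constructed input (the Proc dataclass, the function names and the classification labels are this example's own), collapses the WOW64 relaunch, separates parent-to-child writes from genuine cross-process writes, and ties each WerFault to the faulting PID.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Proc:
    """One row of a sandbox process tree (hypothetical shape, not a Triage API)."""
    pid: int
    image: str
    cmdline: str
    parent: Optional[int] = None


# Constructed from the process tree above: pids, images and command lines as reported.
PROCS: List[Proc] = [
    Proc(2124, r"C:\Windows\system32\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\killer.dll,#1"),
    Proc(3828, r"C:\Windows\SysWOW64\rundll32.exe",
         r"rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\killer.dll,#1", parent=2124),
    Proc(2340, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 612", parent=3828),
    Proc(4296, r"C:\Windows\SysWOW64\WerFault.exe",
         r"C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3828 -ip 3828"),
]

# (source pid, target pid) for each "Suspicious use of WriteProcessMemory" IoC;
# the report lists the same pair three times.
WPM_EVENTS: List[Tuple[int, int]] = [(2124, 3828)] * 3

# rundll32 syntax is "<exe> <dll>,<entry> [args]"; entry "#N" is an export ordinal.
RUNDLL32_RE = re.compile(r'^\s*(?:"[^"]+"|\S+)\s+(.+?),([^\s,]+)')
# WerFault names the faulting process with "-p <pid>" (also present in the -pss form).
WERFAULT_PID_RE = re.compile(r"(?:^|\s)-p\s+(\d+)")


def parse_rundll32(cmdline: str) -> Optional[Tuple[str, str]]:
    """Split a rundll32 command line into (dll path, entry point) or None."""
    m = RUNDLL32_RE.match(cmdline)
    return (m.group(1), m.group(2)) if m else None


def crash_targets(procs: List[Proc]) -> Dict[int, int]:
    """Map each WerFault.exe pid to the pid it was started for."""
    out: Dict[int, int] = {}
    for p in procs:
        if p.image.lower().endswith(r"\werfault.exe"):
            m = WERFAULT_PID_RE.search(p.cmdline)
            if m:
                out[p.pid] = int(m.group(1))
    return out


def classify_wpm(procs: List[Proc], src_pid: int, dst_pid: int) -> str:
    """Label one WriteProcessMemory IoC by what the tree says about the two pids."""
    by_pid = {p.pid: p for p in procs}
    src, dst = by_pid.get(src_pid), by_pid.get(dst_pid)
    if src is None or dst is None:
        return "unknown_process"
    if dst.parent != src_pid:
        # Writing into a process it did not create is the case that deserves a look.
        return "cross_process_write"
    if (src.image.lower().endswith(r"\system32\rundll32.exe")
            and dst.image.lower().endswith(r"\syswow64\rundll32.exe")
            and parse_rundll32(src.cmdline) == parse_rundll32(dst.cmdline)):
        # 64-bit rundll32 given a 32-bit DLL re-executes the SysWOW64 copy, same arguments.
        return "wow64_relaunch"
    # A parent writing into the child it just spawned is process creation as the hook sees it.
    return "parent_child_create"


def triage(procs: List[Proc], wpm_events: List[Tuple[int, int]]) -> dict:
    """Summarise the IoCs: write classes, crashed pids, and plugins crashed outside NSIS."""
    counts: Dict[str, int] = {}
    for src, dst in wpm_events:
        kind = classify_wpm(procs, src, dst)
        counts[kind] = counts.get(kind, 0) + 1
    crashed = sorted(set(crash_targets(procs).values()))
    by_pid = {p.pid: p for p in procs}
    out_of_context = []
    for pid in crashed:
        p = by_pid.get(pid)
        parsed = parse_rundll32(p.cmdline) if p and p.image.lower().endswith(r"\rundll32.exe") else None
        # Heuristic (this example's own): a $PLUGINSDIR DLL crashing under rundll32 was
        # called with rundll32's arguments, not the NSIS plugin calling convention.
        if parsed and "$pluginsdir" in parsed[0].lower():
            out_of_context.append(pid)
    return {"write_process_memory": counts, "crashed": crashed,
            "nsis_plugin_out_of_context": out_of_context}


if __name__ == "__main__":
    print(triage(PROCS, WPM_EVENTS))
```

On the report's own data every WriteProcessMemory IoC lands in wow64_relaunch and the only crash is PID 3828, the 32-bit rundll32 hosting the $PLUGINSDIR DLL; a cross_process_write count above zero, or a crash in a process that is not the rundll32 host, is what would make this task worth a closer look.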