Overview

overview

7

Static

static

3

Minecraft....io.exe

windows11-21h2-x64

7

Data/Pytho...le.pyc

windows11-21h2-x64

3

Data/Pytho...y3.pyc

windows11-21h2-x64

3

Data/Pytho...ig.pyc

windows11-21h2-x64

3

Data/Pytho...ke.pyc

windows11-21h2-x64

3

Data/Pytho...cs.pyc

windows11-21h2-x64

3

Data/Pytho...rs.pyc

windows11-21h2-x64

3

Data/Pytho...as.pyc

windows11-21h2-x64

3

Data/Pytho...le.pyc

windows11-21h2-x64

3

Data/Pytho...me.pyc

windows11-21h2-x64

3

Data/Pytho...ng.pyc

windows11-21h2-x64

3

Data/Pytho...on.pyc

windows11-21h2-x64

3

Data/Pytho...ort.py

windows11-21h2-x64

3

Data/audio.dll

windows11-21h2-x64

3

Data/file.dll

windows11-21h2-x64

3

Data/gmbinaryfile.dll

windows11-21h2-x64

3

Data/midiinput.dll

windows11-21h2-x64

3

Data/move.bat

windows11-21h2-x64

1

Data/wallpaper.bat

windows11-21h2-x64

1

Data/window.dll

windows11-21h2-x64

3

DialogModule.dll

windows11-21h2-x64

3

ExecuteShell.dll

windows11-21h2-x64

3

FileDropper.dll

windows11-21h2-x64

3

Minecraft ...io.exe

windows11-21h2-x64

3

NBS Player Mode.bat

windows11-21h2-x64

3

NekoPresence.dll

windows11-21h2-x64

3

ffmpeg.exe

windows11-21h2-x64

3

ffprobe.exe

windows11-21h2-x64

3

pygml.dll

windows11-21h2-x64

3

python38.dll

windows11-21h2-x64

3

uninstall.exe

windows11-21h2-x64

7

window_set_icon.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    418s
  • max time network
    422s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240730-en
  • resource tags

    arch:x64arch:x86image:win11-20240730-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    01-08-2024 20:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Data/audio.dll

  • Size

    9.9MB

  • MD5

    48281fa7cef5e979bdad2033ca01597e

  • SHA1

    dbe549038db219f5c5b075f69c747d5d561b694c

  • SHA256

    6c57a4dcbe8fcefbbf811df428c5b7ee5be2c40df0e242351f7c627f772725d4

  • SHA512

    3c9285071db125ef6ef093e8ed96effac74ce9edc4c7d069bb013b554731af4728b9e67383eb62009727bf9ed35b1462cd892aea3a72a28395c2e7da7164891b

  • SSDEEP

    196608:DDncxWiAxJ2m30iXVGkjZTClgozl7i8gYTT6zMWGtbuZNS97kUAwkpPWoYK3:fLiAxJ2m30iXVGkdTC5xgYTT6zBGtbu5

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Data\audio.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5024
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Data\audio.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3492
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 468
        3⤵
        • Program crash
        PID:2280
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3492 -ip 3492
    1⤵
      PID:1056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads