Overview

overview

7

Static

static

3

lmms-1.2.2-win64.exe

windows7-x64

7

lmms-1.2.2-win64.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

Qt5Core.dll

windows7-x64

1

Qt5Core.dll

windows10-2004-x64

1

Qt5Gui.dll

windows7-x64

1

Qt5Gui.dll

windows10-2004-x64

1

Qt5Widgets.dll

windows7-x64

1

Qt5Widgets.dll

windows10-2004-x64

1

Qt5Xml.dll

windows7-x64

1

Qt5Xml.dll

windows10-2004-x64

1

SDL.dll

windows7-x64

1

SDL.dll

windows10-2004-x64

1

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

libFLAC-8.dll

windows7-x64

1

libFLAC-8.dll

windows10-2004-x64

1

libfftw3f-3.dll

windows7-x64

1

libfftw3f-3.dll

windows10-2004-x64

1

libfltk.dll

windows7-x64

1

libfltk.dll

windows10-2004-x64

1

libfluidsynth.dll

windows7-x64

1

libfluidsynth.dll

windows10-2004-x64

1

libgig-6.dll

windows7-x64

1

libgig-6.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    186s
  • max time network
    193s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/08/2024, 21:43

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/UserInfo.dll

  • Size

    6KB

  • MD5

    7f780de67db61a924bebc0cafaded3ad

  • SHA1

    3ac359dce08ceff16e4214fe45d83fdc8e3f2e1a

  • SHA256

    9931a2f8bb44b92ff26062b99cbb6e41ed1cfad65079dec5d6d9c006223bd121

  • SHA512

    8378f04b6f5085e887ed46874414e5681f0ecb6889dbaa25eb78f75112d4be603aef8dec6a2a81857a19978f6ccf07d65d566ff3f0943da809de22599ffdd8f2

  • SSDEEP

    48:6qX08pwehWTmk61T+8tH1GNO/icjsgnFp8hKAYKFaLDzzDz/xRe2v1e:GkwehWn6086+sgnchKAYKFafzf60

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UserInfo.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4812
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UserInfo.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:32
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 32 -s 624
        3⤵
        • Program crash
        PID:2036
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 32 -ip 32
    1⤵
      PID:1440
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\Desktop\RequestResize.docx" /o ""
      1⤵
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4304

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\TCDD649.tmp\iso690.xsl
      Filesize

      263KB

      MD5

      ff0e07eff1333cdf9fc2523d323dd654

      SHA1

      77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

      SHA256

      3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

      SHA512

      b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
      Filesize

      308B

      MD5

      dbc245ea24fb07bd83ac31b33bb5c39e

      SHA1

      214268a2e21cb03bcf3427e3b7159e997ab5daa5

      SHA256

      f4654867f6cdf6f866ed46cdf4924e35541c46767ddf8e1f07535cebb48e985b

      SHA512

      19fe859d02a1ed1850c19ebc535b4f30594f10a0171cc2945179ecefa000f8f6e3ac3e4da091550d121bc9a470b4234ea05b98ef58ba33b1cd681dbfda61de11

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex
      Filesize

      2B

      MD5

      f3b25701fe362ec84616a93a45ce9998

      SHA1

      d62636d8caec13f04e28442a0a6fa1afeb024bbb

      SHA256

      b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

      SHA512

      98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
      Filesize

      1KB

      MD5

      adb99eed07886d1313b86668dcbae0f9

      SHA1

      374758e1f0a724379e0afdbe63bcfb7daa117350

      SHA256

      df490d2d2826769823db0dc4f25bbe86485ae6e83446dfec6bca18da874c90a9

      SHA512

      2fc8bc052a2817c1563145092bc181096f668f2337ac1674fbe00047e6eba2565ab5a20ea73ec2cf0820b85c177beabe0de8adb67d9fa660ddad3dfe1990543d

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
      Filesize

      1KB

      MD5

      4e0bf34139b1b40fd97abddc1327771c

      SHA1

      61a8b1d0a8b3efca1665a22053f730b468375950

      SHA256

      6901f843bc302d44dde136dd67df8695385be23cc4786cba989819157698d33a

      SHA512

      cb7585e0b6e67be6a227e9667270551224a0c28878d6a71a756b9e9e7a4ed359a9101eae4451dcc2a861ddf43f77d29a5b67b1f12ba0ba69647c53005e8f4330

      Download Submit

    • memory/32-0-0x0000000065180000-0x0000000065188000-memory.dmp

      Filesize

      32KB

      Download

    • memory/4304-7-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-17-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-10-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-8-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-12-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-11-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-4-0x00007FFBA2A50000-0x00007FFBA2A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4304-14-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-13-0x00007FFBA07E0000-0x00007FFBA07F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4304-15-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-16-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-9-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-18-0x00007FFBA07E0000-0x00007FFBA07F0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4304-19-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-20-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4304-6-0x00007FFBE2A6D000-0x00007FFBE2A6E000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4304-5-0x00007FFBA2A50000-0x00007FFBA2A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4304-2-0x00007FFBA2A50000-0x00007FFBA2A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4304-3-0x00007FFBA2A50000-0x00007FFBA2A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4304-1-0x00007FFBA2A50000-0x00007FFBA2A60000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4304-303-0x00007FFBE29D0000-0x00007FFBE2BC5000-memory.dmp

      Filesize

      2.0MB

      Download