942cc155bee6c17d69c7bf6bb7dbcbf8e953faf157873b0909e17d7654ae96c8

Analysis

max time kernel
110s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
09/08/2024, 20:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

net6.0-windows/runtimes/win-x86/native/WebView2Loader.dll
Size

113KB
MD5

98758a7f39a9fb7af1312381f12914d6
SHA1

4ad4023b1b7675b4ef39328c8d965ab90fee7622
SHA256

7f553d4aa5386a0bdd31be80a4ebf20fe3e36def4ce0683ce052dff2523d6375
SHA512

176cf22a862450f8f502cfe1733041f1a3d7f01b82e38f794dd797525779859a330cfd0ab977bf73f83054c6326775cc42ff4700681cb6aaddf9a1515de5af17
SSDEEP

3072:pra5FYqJh7sXRq2KlsoiiaGgqeN5vTowjEtJlAl+lR4fmv:9YYqJh4g0Pi65EtJe0z2m

Score

6^/10

discovery

Malware Config

Signatures

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1112	4144	WerFault.exe	82

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 4144	760	rundll32.exe	82
PID 760 wrote to memory of 4144	760	rundll32.exe	82
PID 760 wrote to memory of 4144	760	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\net6.0-windows\runtimes\win-x86\native\WebView2Loader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\net6.0-windows\runtimes\win-x86\native\WebView2Loader.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4144
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 448
    3⤵
    - Program crash
    PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4144 -ip 4144
1⤵
PID:4428

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Share Discovery

T1135

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads