Overview

overview

3

Static

static

3

turbowarp-...64.dll

windows10-2004-x64

1

turbowarp-...64.dll

windows10-2004-x64

1

turbowarp-...64.dll

windows10-2004-x64

1

turbowarp-...64.dll

windows10-2004-x64

1

turbowarp-...64.dll

windows10-2004-x64

1

turbowarp-...40.dll

windows10-2004-x64

1

turbowarp-..._1.dll

windows10-2004-x64

1

turbowarp-...re.dll

windows10-2004-x64

1

turbowarp-...us.dll

windows10-2004-x64

1

turbowarp-...ui.dll

windows10-2004-x64

1

turbowarp-...rk.dll

windows10-2004-x64

1

turbowarp-...ml.dll

windows10-2004-x64

1

turbowarp-...ls.dll

windows10-2004-x64

1

turbowarp-...ck.dll

windows10-2004-x64

1

turbowarp-...vg.dll

windows10-2004-x64

1

turbowarp-...re.dll

windows10-2004-x64

1

turbowarp-...up.exe

windows10-2004-x64

3

turbowarp-...dr.exe

windows10-2004-x64

3

turbowarp-...ip.dll

windows10-2004-x64

3

turbowarp-...ip.dll

windows10-2004-x64

3

turbowarp-...aq.url

windows10-2004-x64

3

turbowarp-...ma.dll

windows10-2004-x64

3

turbowarp-...32.exe

windows10-2004-x64

3

turbowarp-...64.exe

windows10-2004-x64

1

turbowarp-...nt.dll

windows10-2004-x64

3

turbowarp-...ib.dll

windows10-2004-x64

3

turbowarp-...ib.dll

windows10-2004-x64

3

turbowarp-...ew.htm

windows10-2004-x64

3

turbowarp-...86.exe

windows10-2004-x64

3

turbowarp-...se.dll

windows10-2004-x64

1

turbowarp-...ta.dll

windows10-2004-x64

1

turbowarp-...as.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    150s
  • max time network
    129s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19-08-2024 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    turbowarp-packager-extras/_internal/third-party/inno/isbunzip.dll

  • Size

    34KB

  • MD5

    c6ae924ad02500284f7e4efa11fa7cfc

  • SHA1

    2a7770b473b0a7dc9a331d017297ff5af400fed8

  • SHA256

    31d04c1e4bfdfa34704c142fa98f80c0a3076e4b312d6ada57c4be9d9c7dcf26

  • SHA512

    f321e4820b39d1642fc43bf1055471a323edcc0c4cbd3ddd5ad26a7b28c4fb9fc4e57c00ae7819a4f45a3e0bb9c7baa0ba19c3ceedacf38b911cdf625aa7ddae

  • SSDEEP

    768:Z4NHPfHCs6GNOpiM+RFjFyzcN23A4F+OiR9riuujF+X4UriXiRF:Zanvc+R9F4s8/RiPWuUs4UWXiv

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\turbowarp-packager-extras\_internal\third-party\inno\isbunzip.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2292
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\turbowarp-packager-extras\_internal\third-party\inno\isbunzip.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5040
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 600
        3⤵
        • Program crash
        PID:3396
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 5040 -ip 5040
    1⤵
      PID:4764

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads