Analysis

  • max time kernel
    137s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    20/08/2024, 08:50

General

  • Target

    plugin/command.dll

  • Size

    24KB

  • MD5

    aba7801538d8012d87bebb04d125bfa2

  • SHA1

    fb15139d432313e5c78e82bf56c8515bb86a0826

  • SHA256

    251089c9da8d4047d669ef039628b2be0500c2b622f1d8a0d50ad9eeb754aa6b

  • SHA512

    51c6301d73a87a0b1a57b9a197d253f975b74d3fe290fc0a7eed54418dc4a150bc99aed3a8e52e2c4d99b9ac5095151e3e378de9cd3a14ca928f02ceed3a27d9

  • SSDEEP

    192:X7EoGyGg+nHnLNgTXioezXE8vgRCEc/X:XNGyqnLCTXi/XETq

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugin\command.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4680
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugin\command.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2836
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 644
        3⤵
        • Program crash
        PID:1204
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2836 -ip 2836
    1⤵
    PID:3984

Network

MITRE ATT&CK Enterprise v15