Overview

overview

7

Static

static

3

c78a060f90...18.exe

windows7-x64

7

c78a060f90...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.exe

windows7-x64

7

$PLUGINSDI...er.exe

windows10-2004-x64

7

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

3

$PLUGINSDI...se.dll

windows7-x64

3

$PLUGINSDI...se.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...LL.dll

windows7-x64

3

$PLUGINSDI...LL.dll

windows10-2004-x64

3

$PLUGINSDI...on.dll

windows7-x64

3

$PLUGINSDI...on.dll

windows10-2004-x64

3

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDIR/Math.dll

windows7-x64

3

$PLUGINSDIR/Math.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$PLUGINSDI...ub.exe

windows7-x64

7

$PLUGINSDI...ub.exe

windows10-2004-x64

7

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...se.rtf

windows7-x64

4

$PLUGINSDI...se.rtf

windows10-2004-x64

1

$PLUGINSDI...ib.dll

windows7-x64

3

$PLUGINSDI...ib.dll

windows10-2004-x64

3

$PLUGINSDI...BL.rtf

windows7-x64

4

$PLUGINSDI...BL.rtf

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    28/08/2024, 19:52 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/Math.dll

  • Size

    66KB

  • MD5

    b140459077c7c39be4bef249c2f84535

  • SHA1

    c56498241c2ddafb01961596da16d08d1b11cd35

  • SHA256

    0598f7d83db44929b7170c1285457b52b4281185f63ced102e709bf065f10d67

  • SHA512

    fbcb19a951d96a216d73b6b3e005338bbb6e11332c6cc8c3f179ccd420b4db0e5682dc4245bd120dcb67bc70960eab368e74c68c7c165a485a12a7d0d8a00328

  • SSDEEP

    1536:0P43WZ4Ql60gam+2MwRmPeqFVHbQH0ZZ1Iet:0wU609VMH0T/t

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Math.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2692
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\Math.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1932
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 224
        3⤵
        • Program crash
        PID:2696

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.