Overview

overview

7

Static

static

3

Crazy Erro...er.exe

windows7-x64

7

Crazy Erro...er.exe

windows10-2004-x64

7

Python.Runtime.dll

windows7-x64

1

Python.Runtime.dll

windows10-2004-x64

1

VCRUNTIME140.dll

windows7-x64

3

VCRUNTIME140.dll

windows10-2004-x64

3

_asyncio.dll

windows7-x64

3

_asyncio.dll

windows10-2004-x64

3

_bz2.dll

windows7-x64

3

_bz2.dll

windows10-2004-x64

3

_ctypes.dll

windows7-x64

3

_ctypes.dll

windows10-2004-x64

3

_decimal.dll

windows7-x64

3

_decimal.dll

windows10-2004-x64

3

_elementtree.dll

windows7-x64

3

_elementtree.dll

windows10-2004-x64

3

_hashlib.dll

windows7-x64

3

_hashlib.dll

windows10-2004-x64

3

_lzma.dll

windows7-x64

3

_lzma.dll

windows10-2004-x64

3

_multiprocessing.dll

windows7-x64

3

_multiprocessing.dll

windows10-2004-x64

3

_overlapped.dll

windows7-x64

3

_overlapped.dll

windows10-2004-x64

3

_queue.dll

windows7-x64

3

_queue.dll

windows10-2004-x64

3

_ssl.dll

windows7-x64

3

_ssl.dll

windows10-2004-x64

3

_testcapi.dll

windows7-x64

3

_testcapi.dll

windows10-2004-x64

3

_tkinter.dll

windows7-x64

3

_tkinter.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    29/08/2024, 01:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    _overlapped.dll

  • Size

    37KB

  • MD5

    411d94ed7a9332b30f7679f03abea320

  • SHA1

    53099a8114b41d82cbb1fffa427d7666583d2c1d

  • SHA256

    0fbb74da4ecddf1a18663a31f64c52d169e7c102d5e8dbe288e8b30df8e34598

  • SHA512

    e142fcd4877e97fe812d08b1939b467dada365be974391a25a37166ec8711e89d2e5ed02fde4571d2e89476ac275eed5943f65a8c2240227618fd02f676bdeaf

  • SSDEEP

    768:3u7xuQeN43zIRCJ7no8IYZp0qEbNA1B51IhJtiQWDG4yEs:3EBG43zIqLLWqEbNUB51IhJtiyEs

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\_overlapped.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2448
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\_overlapped.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1924
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 220
        3⤵
        • Program crash
        PID:2116

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.