Overview

overview

3

Static

static

3

SafeGuard/...rse.js

windows11-21h2-x64

3

SafeGuard/...gex.js

windows11-21h2-x64

3

SafeGuard/...ser.js

windows11-21h2-x64

3

SafeGuard/...rng.js

windows11-21h2-x64

3

SafeGuard/...ser.js

windows11-21h2-x64

3

SafeGuard/...ha1.js

windows11-21h2-x64

3

SafeGuard/...ify.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...min.js

windows11-21h2-x64

3

SafeGuard/...bin.js

windows11-21h2-x64

3

SafeGuard/.../v1.js

windows11-21h2-x64

3

SafeGuard/.../v3.js

windows11-21h2-x64

3

SafeGuard/...v35.js

windows11-21h2-x64

3

SafeGuard/.../v4.js

windows11-21h2-x64

3

SafeGuard/.../v5.js

windows11-21h2-x64

3

SafeGuard/...ate.js

windows11-21h2-x64

3

SafeGuard/...ion.js

windows11-21h2-x64

3

SafeGuard/...DME.js

windows11-21h2-x64

3

SafeGuard/...tor.js

windows11-21h2-x64

3

SafeGuard/...ist.js

windows11-21h2-x64

3

SafeGuard/nw.dll

windows11-21h2-x64

3

SafeGuard/nw_elf.dll

windows11-21h2-x64

3

SafeGuard/...er.dll

windows11-21h2-x64

3

SafeGuard/...-1.dll

windows11-21h2-x64

3

Analysis

  • max time kernel
    408s
  • max time network
    1135s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    03/09/2024, 03:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SafeGuard/nw_elf.dll

  • Size

    926KB

  • MD5

    c41046d1835ec3d1528ca00b5e7f3ef5

  • SHA1

    724022623b53fdebee292f0162abca7669ad1afa

  • SHA256

    dc36f6eadf8fe91702202f06b4b89f04f0affa5aa0d73b20d9a9a6e18fc32315

  • SHA512

    083d52ee402c2cd76ed5d3a2e64d0560d1481f7b340789f03f8e3a898533e9e1ada281cdaae2fa2b7730a7d8a5169fb335d959cd750b426e0f0711f685d72fd7

  • SSDEEP

    24576:nwpsqQ7ukXGFbb/c7R/ihFPKN2cfpvN0roN:nwS7ukXGtRhF+pvN0roN

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SafeGuard\nw_elf.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\SafeGuard\nw_elf.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2792

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads