Task (platform): score
Overview (overview): 10
Static (static): 3
tera1.zip (windows10-2004-x64): 10
0a4scandoc.exe (windows10-2004-x64): 10
7z.dll (windows10-2004-x64): 3
AppointmentApis.dll (windows10-2004-x64): 1
Microsoft....ty.dll (windows10-2004-x64): 1
WINSSNAP.dll (windows10-2004-x64): 1
appraiser.dll (windows10-2004-x64): 1
msvcr100.dll (windows10-2004-x64): 3
wlanpref.dll (windows10-2004-x64): 1
wxmsw32u_x...om.dll (windows10-2004-x64): 1

Analysis
max time kernel: 90s
max time network: 137s
platform: windows10-2004_x64
resource: win10v2004-20240802-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
submitted: 04/09/2024, 20:56

Static task: static1
Behavioral task: behavioral1, Sample: tera1.zip, Resource: win10v2004-20240802-en
Behavioral task: behavioral2, Sample: 0a4scandoc.exe, Resource: win10v2004-20240802-en
Behavioral task: behavioral3, Sample: 7z.dll, Resource: win10v2004-20240802-en
Behavioral task: behavioral4, Sample: AppointmentApis.dll, Resource: win10v2004-20240802-en
Behavioral task: behavioral5, Sample: Microsoft.PowerShell.Commands.Utility.dll, Resource: win10v2004-20240802-en
Behavioral task: behavioral6, Sample: WINSSNAP.dll, Resource: win10v2004-20240802-en
Behavioral task: behavioral7, Sample: appraiser.dll, Resource: win10v2004-20240802-en
Behavioral task: behavioral8, Sample: msvcr100.dll, Resource: win10v2004-20240802-en
Behavioral task: behavioral9, Sample: wlanpref.dll, Resource: win10v2004-20240802-en
Behavioral task: behavioral10, Sample: wxmsw32u_xrc_gcc_custom.dll, Resource: win10v2004-20240802-en

General
Target: msvcr100.dll
Size: 750KB
MD5: 2b92a88e329f4845d31941967a3baa90
SHA1: bbf341e7ed9947de0b5d84d93ca0bc4c8beb5500
SHA256: 649a7ab8e3b5c0940812e40eafc8f004979bb48bfc8f4bc7db9f2cbcdd715344
SHA512: b94862e3f516402317a5467c6e0ff3dd23a967d90dae87dec1687157e43978c2d73c24fee71b4febeada54bb433ea4fcd16568d02fde1c4f9f50f6d7ba02408a
SSDEEP: 12288:dmCy3GUj/QGrB4F+FVW1rWNivf9JNxpEtwIy2i3Hlr0n1:dmCy3LQA4F8U1rWNivf9hpEam1

Malware Config
Signatures

Program crash (1 IoCs)
    pid: 3580, pid_target: 3388, Process: WerFault.exe, procid_target: 84

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
    description: Key opened, ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language, Process: rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
    description: PID 3992 wrote to memory of 3388, pid: 3992, Process: rundll32.exe, procid_target: 84
    description: PID 3992 wrote to memory of 3388, pid: 3992, Process: rundll32.exe, procid_target: 84
    description: PID 3992 wrote to memory of 3388, pid: 3992, Process: rundll32.exe, procid_target: 84

Processes

C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\msvcr100.dll,#1
    PID: 3992
    Suspicious use of WriteProcessMemory

    C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\msvcr100.dll,#1
        PID: 3388
        System Location Discovery: System Language Discovery

        C:\Windows\SysWOW64\WerFault.exe
            Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 600
            PID: 3580
            Program crash

C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3388 -ip 3388
    PID: 316