Overview

overview

7

Static

static

7

cfd3458a2a...18.exe

windows7-x64

7

cfd3458a2a...18.exe

windows10-2004-x64

7

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...nu.dll

windows7-x64

3

$PLUGINSDI...nu.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...er.dll

windows7-x64

3

$PLUGINSDI...er.dll

windows10-2004-x64

3

$PLUGINSDI...ll.dll

windows7-x64

7

$PLUGINSDI...ll.dll

windows10-2004-x64

7

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_43_/Modu...oc.dll

windows7-x64

3

$_43_/Modu...oc.dll

windows10-2004-x64

3

$_43_/Modu...es.dll

windows7-x64

3

$_43_/Modu...es.dll

windows10-2004-x64

3

$_43_/Modu...ec.dll

windows7-x64

3

$_43_/Modu...ec.dll

windows10-2004-x64

3

$_43_/RtHelp.exe

windows7-x64

3

$_43_/RtHelp.exe

windows10-2004-x64

3

$_43_/msvcp110.dll

windows7-x64

3

$_43_/msvcp110.dll

windows10-2004-x64

3

$_43_/msvcr110.dll

windows7-x64

3

$_43_/msvcr110.dll

windows10-2004-x64

3

Games Bot.exe

windows7-x64

6

Games Bot.exe

windows10-2004-x64

6

Modules/7z.dll

windows7-x64

3

Modules/7z.dll

windows10-2004-x64

3

Modules/CmdProc.dll

windows7-x64

3

Modules/CmdProc.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    06-09-2024 15:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/UpdHelper.dll

  • Size

    133KB

  • MD5

    452ce0b8d77359961b7918cbb98a4dba

  • SHA1

    4d14210d41ac4ee0d3644dbdb35822d6bd28c126

  • SHA256

    6e5f58aac49eb4662467f301309fc1b85d588fa71ab281dc8cd57b22850ed7e4

  • SHA512

    d7300aab2ef365310334ccf7781f9e1d0b38709f3f740ac4267215b1a8bfcf5889ae72a83fa986ea0542622ce348982beaa17b3ee3c10a67e8dab32cb9aa8d7c

  • SSDEEP

    1536:zh4urXX51BB1Yha4+Tb9wrCz33zl7e7okmkeIgt2I/j1bE6c+PsWjcdEMh75+8n8:zxXXn1XhwMT90t3MS7EM5+8nxkkC

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UpdHelper.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2120
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UpdHelper.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1920
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 308
        3⤵
        • Program crash
        PID:1668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads