Analysis
-
max time kernel
93s -
max time network
139s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11/09/2024, 04:25
General
-
Target
$PLUGINSDIR/cgorwhu.dll
-
Size
169KB
-
MD5
a0e9758e5979c687e8dbec04b9cff95c
-
SHA1
069843d60e843a1077c3771fae110c95505551c3
-
SHA256
a2af2a83fc786205c6d4b40b31acddf7741d4413ffa61437d3c81f9361588284
-
SHA512
a1d93d1fc40adaeb989a46aa3387e452e2dfb65f33ffb1e21da43eb36a80c674bc2633001de6c03a0980a5181ec499204d11c6ce4a882ce16d3bc95be93dc641
-
SSDEEP
1536:GwRr4NMVOOse3XI+8J7SR4Lsu0+SO8Fd9CNKE8trmSY4Vc3pgmY35V1NU3oL+3cp:GUr4Ny3wymgbNVcSmY03C+CwUzEmWOj
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\cgorwhu.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\cgorwhu.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 6003⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 892 -ip 8921⤵