Analysis
-
max time kernel
91s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 03:58
General
-
Target
$PLUGINSDIR/boqyspd.dll
-
Size
158KB
-
MD5
87ea5f2c6920d573ff040352417672ac
-
SHA1
53a30f62beb9dc08c7e1e9f724b63042609429da
-
SHA256
0690219379518dc52aadc714a43a3d17a0e3009d93077645e88a15eebbe0ac9f
-
SHA512
fc117240040b40dd770dc152bb4463dac74b1097b1a222a95fb1a7ad44ff8162a3cac6e033bb2b16fbbe59b4494824f0ddd03a3c9cae8e03a3d7297dfa2ccef4
-
SSDEEP
3072:GGiYa/t1XNLiM/rCaZc+jepsyfYAt0+2l:Fgt/TCaKltEl
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\boqyspd.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\boqyspd.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 6003⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 3540 -ip 35401⤵