Overview

overview

9

Static

static

3

Wiresharkw...14.exe

windows7-x64

9

Wiresharkw...14.exe

windows10-2004-x64

9

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

WinPcap_4_1_3.exe

windows7-x64

7

WinPcap_4_1_3.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

$SYSDIR/Packet.dll

windows7-x64

3

$SYSDIR/Packet.dll

windows10-2004-x64

3

$SYSDIR/pthreadVC.dll

windows7-x64

3

$SYSDIR/pthreadVC.dll

windows10-2004-x64

3

$SYSDIR/wpcap.dll

windows7-x64

3

$SYSDIR/wpcap.dll

windows10-2004-x64

3

WinPcapInstall.dll

windows7-x64

3

WinPcapInstall.dll

windows10-2004-x64

3

rpcapd.exe

windows7-x64

1

rpcapd.exe

windows10-2004-x64

3

WinSparkle.dll

windows7-x64

3

WinSparkle.dll

windows10-2004-x64

3

Wireshark.exe

windows7-x64

3

Wireshark.exe

windows10-2004-x64

3

comerr32.dll

windows7-x64

3

comerr32.dll

windows10-2004-x64

3

console.js

windows7-x64

3

console.js

windows10-2004-x64

3

dumpcap.exe

windows7-x64

3

dumpcap.exe

windows10-2004-x64

3

dumpcap.html

windows7-x64

3

dumpcap.html

windows10-2004-x64

3

Analysis

  • max time kernel
    93s
  • max time network
    143s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2024 18:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    WinSparkle.dll

  • Size

    1.1MB

  • MD5

    ac1deea0eb1607e5877ac91b1d7b01f0

  • SHA1

    05cb1f553f6fcbc1fbd1575d1f9b38b791fdbefc

  • SHA256

    1acc4bc19c548b4f9eabd5d48618016d8ab1319a275ad279fc56c65c9cbd3fd1

  • SHA512

    4a723d0fa39b06c6b47f29cd3f57ebde7eb604a9fd629e1ab47b3049139a9182c8dafe3b77e2fab77ad4d982a3bf40169ad56a6311fd1dcf3b50bdbec972b3cb

  • SSDEEP

    24576:JeqLkelLuPdSLHkhalYC0tcKdGzjW+QvP+MIb8xBouw8xi7djrRF:zUdS4hu4cKdGnQ1Ib8xBouw8xi9NF

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\WinSparkle.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4728
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\WinSparkle.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:2672
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 728
        3⤵
        • Program crash
        PID:4640
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2672 -ip 2672
    1⤵
      PID:1428

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads