Overview

overview

7

Static

static

3

antimicrox...64.exe

windows7-x64

7

antimicrox...64.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

1

$PLUGINSDI...ns.dll

windows10-2004-x64

1

$PLUGINSDI...nu.dll

windows7-x64

1

$PLUGINSDI...nu.dll

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

1

$PLUGINSDI...em.dll

windows10-2004-x64

1

$PLUGINSDI...fo.dll

windows7-x64

1

$PLUGINSDI...fo.dll

windows10-2004-x64

1

bin/Qt5Concurrent.dll

windows7-x64

1

bin/Qt5Concurrent.dll

windows10-2004-x64

1

bin/Qt5Core.dll

windows7-x64

1

bin/Qt5Core.dll

windows10-2004-x64

1

bin/Qt5Gui.dll

windows7-x64

1

bin/Qt5Gui.dll

windows10-2004-x64

1

bin/Qt5Network.dll

windows7-x64

1

bin/Qt5Network.dll

windows10-2004-x64

1

bin/Qt5Widgets.dll

windows7-x64

1

bin/Qt5Widgets.dll

windows10-2004-x64

1

bin/SDL2.dll

windows7-x64

1

bin/SDL2.dll

windows10-2004-x64

1

bin/antimicrox.exe

windows7-x64

1

bin/antimicrox.exe

windows10-2004-x64

1

bin/libEGL.dll

windows7-x64

1

bin/libEGL.dll

windows10-2004-x64

1

bin/libcry...64.dll

windows7-x64

1

bin/libcry...64.dll

windows10-2004-x64

1

bin/libgcc...-1.dll

windows7-x64

1

bin/libgcc...-1.dll

windows10-2004-x64

1

bin/libssl...64.dll

windows7-x64

1

bin/libssl...64.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    141s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    30-09-2024 23:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/UserInfo.dll

  • Size

    7KB

  • MD5

    5df25c042bdda748d1f396b4fe070ede

  • SHA1

    e470ebe89bd49373f4175b5cf796c49ca1ee9a4e

  • SHA256

    c9dd715d31c8cdf763f5edc92b8228df617bc528d7f558d6e531434c62a4b37b

  • SHA512

    29bfd4d17200286bb84b9956f21f43aa8ae470870835064d60f2de2ef535535115c17a7bce75935518c0aec18db4bde700740d4b7227ba18a34ac57bbaa4657f

  • SSDEEP

    96:8MaRo52x1kO2TPrdKX9zv+WI7jjPC2gwvTlQordUyJWRI:uRO7DJKX9zvmTDTlQ

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\UserInfo.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1860
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1860 -s 88
      2⤵
        PID:1740

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1860-0-0x000007FEFB950000-0x000007FEFB959000-memory.dmp

      Filesize

      36KB

      Download