Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09/10/2024, 10:02
General
-
Target
$PLUGINSDIR/CryptBinaries4.dll
-
Size
23KB
-
MD5
cc33034cde279e6dde91f637f01f549f
-
SHA1
0628772fc6a8d1653fe18aa81bb8c58498a3815e
-
SHA256
c58e430dd83b740a9df678365d96d77be6d9aaf438814b70142300cadf4ce3e6
-
SHA512
6e68b2280587c714bc1ae16f1267093f7accd55872eae68a0fca2759ab60522e517db82cfb55191a001d47131c1b1fb4ccc1cb33d5375bfc794fe3e145d0fb0a
-
SSDEEP
384:0C4qoa3WiphDgROnbbiVDDMnnS8Vz/mYJo2qgsuRd23GnR7NystQX0CmiVcKO:0wnG25Rd22nR7NyGQpmiiK
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CryptBinaries4.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\CryptBinaries4.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 6003⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 2864 -ip 28641⤵