Overview
overview
10Static
static
10Primordial...ix.bat
windows10-1703-x64
1Primordial...GL.dll
windows10-1703-x64
3Primordial...v2.dll
windows10-1703-x64
3Primordial...et.dll
windows10-1703-x64
3Primordial...nt.dll
windows10-1703-x64
3Primordial..._1.dll
windows10-1703-x64
3Primordial...32.dll
windows10-1703-x64
3Primordial...-1.dll
windows10-1703-x64
3Primordial...-1.dll
windows10-1703-x64
1Primordial..._1.dll
windows10-1703-x64
3Primordial...-6.dll
windows10-1703-x64
3Primordial...-1.dll
windows10-1703-x64
3Primordial...sw.dll
windows10-1703-x64
3Primordial...in.dll
windows10-1703-x64
3Primordial...ix.dll
windows10-1703-x64
1Primordial...al.exe
windows10-1703-x64
10Primordial...or.dll
windows10-1703-x64
1Analysis
-
max time kernel
14s -
max time network
18s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system -
submitted
15-10-2024 00:23
Behavioral task
behavioral1
Sample
Primordial/FIX/fix.bat
Resource
win10-20240404-en
Behavioral task
behavioral2
Sample
Primordial/FIX/libEGL.dll
Resource
win10-20240404-en
Behavioral task
behavioral3
Sample
Primordial/FIX/libGLESv2.dll
Resource
win10-20240611-en
Behavioral task
behavioral4
Sample
Primordial/FIX/libQt-Secret.dll
Resource
win10-20240404-en
Behavioral task
behavioral5
Sample
Primordial/FIX/libQtBigint.dll
Resource
win10-20240404-en
Behavioral task
behavioral6
Sample
Primordial/FIX/libcrypto-1_1.dll
Resource
win10-20240404-en
Behavioral task
behavioral7
Sample
Primordial/FIX/libeay32.dll
Resource
win10-20240404-en
Behavioral task
behavioral8
Sample
Primordial/FIX/libgcc_s_dw2-1.dll
Resource
win10-20240404-en
Behavioral task
behavioral9
Sample
Primordial/FIX/libgcc_s_seh-1.dll
Resource
win10-20240611-en
Behavioral task
behavioral10
Sample
Primordial/FIX/libssl-1_1.dll
Resource
win10-20240404-en
Behavioral task
behavioral11
Sample
Primordial/FIX/libstdc++-6.dll
Resource
win10-20240404-en
Behavioral task
behavioral12
Sample
Primordial/FIX/libwinpthread-1.dll
Resource
win10-20240404-en
Behavioral task
behavioral13
Sample
Primordial/FIX/opengl32sw.dll
Resource
win10-20240404-en
Behavioral task
behavioral14
Sample
Primordial/FIX/qtquick2plugin.dll
Resource
win10-20240404-en
Behavioral task
behavioral15
Sample
Primordial/FIX/steamfix.dll
Resource
win10-20240404-en
Behavioral task
behavioral16
Sample
Primordial/Primordial.exe
Resource
win10-20240611-en
Behavioral task
behavioral17
Sample
Primordial/injector.dll
Resource
win10-20240404-en
General
-
Target
Primordial/FIX/libssl-1_1.dll
-
Size
924KB
-
MD5
8a7d58e6c9c4d25c84dee3c64d027974
-
SHA1
3e3c8218cc2cec46b1aa550f126fba564a94c9df
-
SHA256
68f64b6d4d77c704d3caee3dd97e8cababd8717f5c764f8d1b919697ddfc7527
-
SHA512
b56a532c3d53e7d73d700f9b6dc5e790a78c048e5bb1522fe75dafb1d556a5594d7d07d75dea7ccab6ace7b3644f6a2947dbc6a6acdc3c2ddc7c807a92eea157
-
SSDEEP
24576:7UU0ODDlfQixG00OZclDZGXFu1UYaz99v0BAEjYkNN/OknUVQiQG7iiHh7IMwi:Z0V0GwZqAu1UYa7v0BAE8kNN/OknUZQO
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 4944 wrote to memory of 3076 4944 rundll32.exe 75 PID 4944 wrote to memory of 3076 4944 rundll32.exe 75 PID 4944 wrote to memory of 3076 4944 rundll32.exe 75
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Primordial\FIX\libssl-1_1.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4944 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\Primordial\FIX\libssl-1_1.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:3076
-