Overview

overview

10

Static

static

5

Raid_Recovery.exe

windows7-x64

7

Raid_Recovery.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

Alligator.exe

windows7-x64

5

Alligator.exe

windows10-2004-x64

5

MIG_29.dll

windows7-x64

3

MIG_29.dll

windows10-2004-x64

3

PascalStreams.dll

windows7-x64

3

PascalStreams.dll

windows10-2004-x64

3

StarBurn.dll

windows7-x64

3

StarBurn.dll

windows10-2004-x64

3

Uninstall.exe

windows7-x64

7

Uninstall.exe

windows10-2004-x64

7

$PLUGINSDI...ns.dll

windows7-x64

3

$PLUGINSDI...ns.dll

windows10-2004-x64

3

bs_load.dll

windows7-x64

3

bs_load.dll

windows10-2004-x64

3

bs_wm.dll

windows7-x64

3

bs_wm.dll

windows10-2004-x64

3

i386/CbFsMntNtf3.dll

windows7-x64

10

i386/CbFsMntNtf3.dll

windows10-2004-x64

10

i386/CbFsNetRdr3.dll

windows7-x64

3

i386/CbFsNetRdr3.dll

windows10-2004-x64

3

i386/cbfs3.sys

windows7-x64

1

i386/cbfs3.sys

windows10-2004-x64

1

ia64/CbFsMntNtf3.dll

windows7-x64

1

ia64/CbFsMntNtf3.dll

windows10-2004-x64

1

ia64/CbFsNetRdr3.dll

windows7-x64

1

ia64/CbFsNetRdr3.dll

windows10-2004-x64

1

wow64sup.exe

windows7-x64

1

wow64sup.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    08-11-2024 12:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    i386/CbFsNetRdr3.dll

  • Size

    211KB

  • MD5

    06cab63531728cd07c4d338f65bd89bd

  • SHA1

    d384dbe90d710b0b568d5ab3b418912699663ce2

  • SHA256

    85a43ad4075ce9051f8fc9dfbda983da84e337803e6463fec4467c6147034b0e

  • SHA512

    95ddb6c1b9b79ff72a65a2ccfb841f431692a8db1eacc758a7e5b98a21ea0ae77be2cff1d182a5eec283f7feabfd28dfec1eaa9b59798f8476dd7187b6a6cf41

  • SSDEEP

    3072:ihvQV83s8dx3sKUKZ/TpWQYlbrThbdgtL6PZLie/eGbUCVmTzrr2h40qkISFDCtl:iGV8933UKvNqTYgPoGQNEZFW

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\i386\CbFsNetRdr3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:640
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\i386\CbFsNetRdr3.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3616
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 644
        3⤵
        • Program crash
        PID:3668
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3616 -ip 3616
    1⤵
      PID:4420

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads