Overview

overview

6

Static

static

3

WutheringW....0.exe

windows10-ltsc 2021-x64

6

$PLUGINSDI...ki.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...re.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ui.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...rk.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...vg.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ts.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...em.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...40.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...on.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...if.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ns.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...co.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...eg.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...vg.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI..._1.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...-3.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...rl.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI..._1.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...-3.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...40.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI..._1.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI..._2.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ws.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...e3.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...le.dll

windows10-ltsc 2021-x64

3

$PLUGINSDI...ta.dll

windows10-ltsc 2021-x64

3

uninst.exe

windows10-ltsc 2021-x64

4

vccorlib140.dll

windows10-ltsc 2021-x64

1

vcruntime140.dll

windows10-ltsc 2021-x64

1

vcruntime140_1.dll

windows10-ltsc 2021-x64

1

zlibwapi.dll

windows10-ltsc 2021-x64

1

Analysis

  • max time kernel
    1360s
  • max time network
    1427s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-de
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-delocale:de-deos:windows10-ltsc 2021-x64systemwindows
  • submitted
    17/11/2024, 11:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/libcurl.dll

  • Size

    460KB

  • MD5

    fe5e6aecb98bbcb2cb0e826526dea007

  • SHA1

    936f0e2ade5a909e714c307c1e2aa2702f1e464c

  • SHA256

    ec5f18199dc57130082315bfb6baedb8614da92ae256019a30b5880dded9ae47

  • SHA512

    7ae9fa473e612791a606f6fd7043a5385b3b4eb3bc612652c05d8520d2b2f766232c03de436636362c60b08cbdfec919a35dc07075b2877753ca4779c9cdf0d1

  • SSDEEP

    6144:I4qgLAB0rrD9mvNqespJ9Y0wf1z9oBVePEZuRblbcLx9v0Q076ImWcuUVm2r:I4qgLAB6uqDpPYRfRmBUPEZOYL5nGOmO

Score
3/10
discovery

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\libcurl.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:220
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\libcurl.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5068
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 640
        3⤵
        • Program crash
        PID:3752
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5068 -ip 5068
    1⤵
      PID:1824

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads