Overview

overview

8

Static

static

3

f80bc12ffe...51.exe

windows7-x64

8

f80bc12ffe...51.exe

windows10-2004-x64

8

kcinst.exe

windows7-x64

1

kcinst.exe

windows10-2004-x64

1

kcinst32.dll

windows7-x64

1

kcinst32.dll

windows10-2004-x64

1

letsvpn-latest.exe

windows7-x64

8

letsvpn-latest.exe

windows10-2004-x64

8

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$PLUGINSDI...ec.dll

windows7-x64

3

$PLUGINSDI...ec.dll

windows10-2004-x64

3

$PLUGINSDI...ss.dll

windows7-x64

3

$PLUGINSDI...ss.dll

windows10-2004-x64

3

driver/tap0901.sys

windows10-2004-x64

1

driver/tapinstall.exe

windows7-x64

1

driver/tapinstall.exe

windows10-2004-x64

1

libCLI.dll

windows7-x64

1

libCLI.dll

windows10-2004-x64

1

msvcp140.dll

windows7-x64

1

msvcp140.dll

windows10-2004-x64

1

vcruntime140.dll

windows7-x64

1

vcruntime140.dll

windows10-2004-x64

1

vcruntime140_1.dll

windows7-x64

1

vcruntime140_1.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    19/11/2024, 14:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    vcruntime140_1.dll

  • Size

    49KB

  • MD5

    f498619721756332ef731f1b72b7f29e

  • SHA1

    5beb1e7f35c33bf636cf1a336b3a02a6f02b0394

  • SHA256

    fd1cc0c1287caf736c7e1e4d9aee80fd74cfdfa52563ddd126c03f45542d45b6

  • SHA512

    ce98577b8783a6b0305ede64811b6a8e094a237589530cb0cbc3af3530d5503f3bf5abaa2b2abcf38f2d3588d5e54f2a322ff78ea8296f0327627eea0da5a8cd

  • SSDEEP

    768:PECm5yhUcwrHY/ntTxT6ovF7Iyw4Bl9ziKxnVbgvqxN5UNK/Y/+2d:bOHc16opIyw4B3ziKxnKvKN5UNK/W

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\vcruntime140_1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2432 -s 80
      2⤵
        PID:1880

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads