Overview

overview

10

Static

static

10

Feather Boostrap.exe

windows7-x64

7

Feather Boostrap.exe

windows10-2004-x64

8

NVUnityPlugin.dll

windows7-x64

1

NVUnityPlugin.dll

windows10-2004-x64

1

nvngx_dlss.dll

windows7-x64

1

nvngx_dlss.dll

windows10-2004-x64

1

winmm.dll

windows7-x64

1

winmm.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    31-12-2024 23:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    nvngx_dlss.dll

  • Size

    33.7MB

  • MD5

    e557b8eb18fbd710f82073d9f6fa55a9

  • SHA1

    ae66acaa9118c24f4c0c2bbde6f595604335bc7d

  • SHA256

    6a12400beedef26ad8a3baca8dde2c6a5859942ce9ae14f78a07f7a87f883321

  • SHA512

    f8782fc0cae98291f61f9f43368190ccaaf2f7bd066638599f0d15c6dac0a8e96582d2890bbd3a20ad0b0912449eabada9a68163d13965ebecb4ab1b8f7d6e95

  • SSDEEP

    786432:GlP1qWKMJWs/THQ1qfKds/CJDimkNAFaIwW0WaBHaxuf1IVZ:GB03MJWs/Tw0Cds/CJDimO3IwJWEcudw

Score
1/10

Malware Config

Signatures

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\nvngx_dlss.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 1944 -s 88
      2⤵
        PID:1804

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads