Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/01/2025, 16:42

General

  • Target

    $PLUGINSDIR/chrmPref.dll

  • Size

    193KB

  • MD5

    57d63d48f0bb2fe9b3751342e1b0cc67

  • SHA1

    65afbce77b4990f7f5efb5251e90bd9cc744583c

  • SHA256

    72753db55778180ebd90cb10173c7a87d8d919c6b34a07962e7e1fff80092eab

  • SHA512

    5766ff289869a252a9d08fe826e9e7df70796b2faddb470898e4f710aa33ed19094bd73e6637c9c720da417e7f5b9ca7645fa7cd36a8fae2b0718ced10892cf8

  • SSDEEP

    3072:HmRDL50AQeCDIypwn6etemPWamO52oZyl2dNxxyDm/Dd/tiPU6t:HmRDyAQeYYIXOQokKxxImH

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\chrmPref.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:408
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\chrmPref.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4848
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 604
        3⤵
        • Program crash
        PID:2908
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4848 -ip 4848
    1⤵
      PID:2944

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads