Resubmissions

28/02/2025, 06:16

250228-g1mrmatqw4 10

28/02/2025, 06:14

250228-gzfxpasyfw 10

Analysis

  • max time kernel
    117s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    28/02/2025, 06:14

General

  • Target

    locales/resources/app.asar.unpacked/node_modules/vibrancy-win/binding.dll

  • Size

    118KB

  • MD5

    6c12c930f974e5bc7872b58964f42359

  • SHA1

    805c5c899c32535d2ee8b2bc12deefe5fdaae566

  • SHA256

    094bfeb0692885f1e56bb363e1065099eab48a7988c8603fd6a3fb49ec88b09c

  • SHA512

    f46c416e3f33e0526c2d4cb3df738f7c9b11fece350b90ca9613e5d86bae7a363dd20b80d62f5745a9d51773b655199537b09fcf47acf226f35002f39f1596d3

  • SSDEEP

    3072:/WKjx2yp1tLqA1HB4kdeRqGmX5EMMi6leGS:3xBPVf1HB4kER4UFhS

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\locales\resources\app.asar.unpacked\node_modules\vibrancy-win\binding.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2016 -s 156
      2⤵
        PID:2112
  • C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
    "C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /dde
    1⤵
    • System Location Discovery: System Language Discovery
    • Enumerates system info in registry
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious use of SetWindowsHookEx
    PID:2500

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat

    Filesize

    415B

    MD5

    407e6c24f32937b452bbe57b16ab5772

    SHA1

    b0a2d5d51346a66a33f8711dfe179080c3b2900a

    SHA256

    6ca0b8a423b75c9303cda28dbe36b755515b10cb81ac5037c4e03caf3bc83503

    SHA512

    bfdcc89c647e5d7f88d6376d8d5e67fd55ea08f8dccf5809cb3e49d2de39a2f36db7394381a389395eb3266bc8d6f6ba35d1ddde4b934e1ff91f114669105812

  • memory/2500-1-0x000000007271D000-0x0000000072728000-memory.dmp

    Filesize

    44KB

  • memory/2500-0-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/2500-13-0x000000005FFF0000-0x0000000060000000-memory.dmp

    Filesize

    64KB

  • memory/2500-14-0x000000007271D000-0x0000000072728000-memory.dmp

    Filesize

    44KB