Analysis

  • max time kernel
    13s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    25-07-2024 02:52

General

  • Target

    2200-4-0x0000000000380000-0x0000000000397000-memory.dll

  • Size

    92KB

  • MD5

    e30048017d2f04ced70af241ae1bfb1e

  • SHA1

    03924cc6acb8ad00f546925d0d0ef9b1940c7b4f

  • SHA256

    02ae4c9815530398f7baabeea8e416523b4fe654dd6107209e493b9d9b792b86

  • SHA512

    a22521711a95609b00250f1717a28b5d9617ff09515dc3dd9f4c47b5e594412b4dd28b60aeedb3693b6335a7aad0a94aa2a7bc4ff95dd992f51c222ccab19ca2

  • SSDEEP

    1536:5JJJJJJJJJJJJ5ueNf7towSEKNn1Ueuqpn6pMqqU+2bbbAV2/S2TrKyGBU+:dZ7tJvKzUS2MqqDL2/TrK

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\2200-4-0x0000000000380000-0x0000000000397000-memory.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2776
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\2200-4-0x0000000000380000-0x0000000000397000-memory.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2464

Network

MITRE ATT&CK Enterprise v15
