b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af

Analysis

max time kernel
91s
max time network
96s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
25/07/2024, 15:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af.dll
Size

1.9MB
MD5

440e0bb23f5d42ed089a8387d85390b0
SHA1

71ec9c94f216353234d4e2da3f9f2cbe93b9f479
SHA256

b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af
SHA512

3d951496dc7c208acbbd8794bb0b412cf93f65c08f69a9a28332f313b0d342d2b7bf1c5ba3b10dba1457ebb2aedbfb9f43989e35e292b5ac59110826717aafe0
SSDEEP

49152:J7bfBmwdze9YO8bbIAv1IoDLepDuDCyxXbPMkTu:tBBz6Y5bbIQIpDDgXFT

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5892 wrote to memory of 3068	5892	rundll32.exe	81
PID 5892 wrote to memory of 3068	5892	rundll32.exe	81
PID 5892 wrote to memory of 3068	5892	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b48fdc7143a6f2a04d56fe570d34a04a7c6b76c853fb3c14ede578e17327a1af.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads