6342d23f051ed17a5243eaa3b37e7a3cd216bb180c3b458890dd732c90273048

Analysis

max time kernel
93s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27/07/2024, 23:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6342d23f051ed17a5243eaa3b37e7a3cd216bb180c3b458890dd732c90273048.dll
Size

2.3MB
MD5

999d955dc8313947a511d8d89a9bb28d
SHA1

d3626c94ac4e23b72c863f3c302e3d3b42d511c3
SHA256

6342d23f051ed17a5243eaa3b37e7a3cd216bb180c3b458890dd732c90273048
SHA512

fd4dde1d18baf3a8ed43d9ea2fa53ae3e385d0cd7702a0c78a48865c07bbd140f9307963f3327e46d23b83e3edb9df7491aa4978d46c86de5f5fe754352a3bc6
SSDEEP

49152:AmuwvDgJK0sMrdkGGLxSzz8r41yLXgM4FMQcXgcofMk3bE8e+2za4qBvl2E8:LLgJapmyD6MQcXr3QbJe+2C6

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 4412	4264	rundll32.exe	84
PID 4264 wrote to memory of 4412	4264	rundll32.exe	84
PID 4264 wrote to memory of 4412	4264	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6342d23f051ed17a5243eaa3b37e7a3cd216bb180c3b458890dd732c90273048.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6342d23f051ed17a5243eaa3b37e7a3cd216bb180c3b458890dd732c90273048.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4412-0-0x0000000074C70000-0x0000000074FD4000-memory.dmp

Filesize
3.4MB

Download