Analysis

  • max time kernel
    131s
  • max time network
    137s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    27-07-2024 00:21

General

  • Target

    Battlefield 2/SwiffPlayer_r.dll

  • Size

    1.0MB

  • MD5

    8b4863c550ff893a7d787ee62e9136ed

  • SHA1

    ef4d29939406049358395df2beb16c4951cc58f7

  • SHA256

    e4347ce5809544123d5180a79ba5939eefe358fa56e42bfe061c0c61699715d1

  • SHA512

    95c6969d59d40a4fbaf4104d6eb71873e119c8ee3c4578947cf4017d298e123b25b8b8705d66eddc87f9b866240f06a2a310d7a941cbcc4fd105916031bd77bb

  • SSDEEP

    24576:4ajt9u/9pyfbpk5hTiz+AyVRCSOAADV0H4Mj2e8tpi4ogRJXz:HjtA/9Ub65hTiz+AyVLfAqH4uapi4ogD

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Battlefield 2\SwiffPlayer_r.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4424
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Battlefield 2\SwiffPlayer_r.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:5116

Network

MITRE ATT&CK Enterprise v15

Downloads