Analysis
-
max time kernel
122s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system -
submitted
27-07-2024 04:10
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
150 seconds
General
-
Target
d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082.dll
-
Size
1.1MB
-
MD5
63b24d82d837f5478c7bd9d66d4c2708
-
SHA1
5e7a762feaf83ab244133a2ce59bb6db6a5ee78d
-
SHA256
d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082
-
SHA512
fa4bb4c1937514e60629ddc713be22e9e0c40504d8b9eeb7cc77a9cbc997d2d8be86406b4b6b1d976af2444ae1098ec4c83e8a9b901605eb12ab54e48db540c3
-
SSDEEP
12288:jDgN6MoIwT3qOOOOOOOOOOOOOOOOOOOOOOV:jTtT3qOOOOOOOOOOOOOOOOOOOOOOV
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2700 wrote to memory of 2024 2700 rundll32.exe 30 PID 2700 wrote to memory of 2024 2700 rundll32.exe 30 PID 2700 wrote to memory of 2024 2700 rundll32.exe 30 PID 2700 wrote to memory of 2024 2700 rundll32.exe 30 PID 2700 wrote to memory of 2024 2700 rundll32.exe 30 PID 2700 wrote to memory of 2024 2700 rundll32.exe 30 PID 2700 wrote to memory of 2024 2700 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2700 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\d35746fc7f88c7276fef7e729ea6879907270390a941f5254c051b3febd67082.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2024
-