0966634f88322715366baca0f8c786c4f7004637fddcd2534cada7fa7d3e647e

Analysis

max time kernel
137s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
27-07-2024 18:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0966634f88322715366baca0f8c786c4f7004637fddcd2534cada7fa7d3e647e.dll
Size

4KB
MD5

c28aaf48a7ee97caeb329125f7397b67
SHA1

767edf806ad11dd40c0b4b4b7504cb66c29a301c
SHA256

0966634f88322715366baca0f8c786c4f7004637fddcd2534cada7fa7d3e647e
SHA512

2909968031f2a8400c3a8242c545024129e8b7966068a74eaf719bf83b7347bc7f70b3ecffc62ffbc85082658bfeb9ee30e325f502c0327cf8beaad2173783b8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 936	2136	rundll32.exe	84
PID 2136 wrote to memory of 936	2136	rundll32.exe	84
PID 2136 wrote to memory of 936	2136	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0966634f88322715366baca0f8c786c4f7004637fddcd2534cada7fa7d3e647e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0966634f88322715366baca0f8c786c4f7004637fddcd2534cada7fa7d3e647e.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads