Analysis

  • max time kernel
    10s
  • max time network
    20s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    03-08-2024 01:56

General

  • Target

    $APPDATA/ScanGuard/updates/SAVAPI 11.0.1/aelibinf.dll

  • Size

    105KB

  • MD5

    21432626c63068ee47107da801c05ffc

  • SHA1

    1b011f00a0a01bf217c41a0f5cb7d8c0f6b7046b

  • SHA256

    812442ad5cdaeb6dd5dff76ddc3941fb9a1a56f999aa836f8fcbf4bb9e1b488f

  • SHA512

    1c6e973be37fbcfd2b945fbbde57afd37525aafd475b4229db8296ce48cbcffb2a092fb1d226b6f655a491535f7f2bff5139522daff92bf002304545fbeb596c

  • SSDEEP

    3072:nA5Fh7lNUcO4WsdDKs63FgJln2qVsdP0xKMSET:PAWsddFV5Vsu8pET

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$APPDATA\ScanGuard\updates\SAVAPI 11.0.1\aelibinf.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1752
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\$APPDATA\ScanGuard\updates\SAVAPI 11.0.1\aelibinf.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2296

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads