Analysis
- max time kernel: 16s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 03/08/2024, 05:26
Static task: static1
Behavioral task: behavioral1
- Sample: 56a9bb0f45dca7980cacf02a116a4a90N.dll
- Resource: win7-20240708-en
Behavioral task: behavioral2
- Sample: 56a9bb0f45dca7980cacf02a116a4a90N.dll
- Resource: win10v2004-20240802-en
General
- Target: 56a9bb0f45dca7980cacf02a116a4a90N.dll
- Size: 540KB
- MD5: 56a9bb0f45dca7980cacf02a116a4a90
- SHA1: 7e2e7d07ca425ce1d370c4434823ad1146a76635
- SHA256: 4aae1939c6e338d6453849c0f4d66d71a648494e5784305f6f2b7f58adbb856c
- SHA512: 1cad1444a1d1580c8529ca097d064071827e2d4745a240a041f6320c820b561daecb9f0f16a1d72506a8d5b8f3b48f0f4eeea22f520107625d7079f74b7f56ad
- SSDEEP: 12288:YWtW5UExA/rc0cj4YL6mwe3DQT5t/LluFo1II:YWtsVA/rxccywe36lLlQe5
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                           Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   regsvr32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid    Process        procid_target
  PID 2120 wrote to memory of 2512   2120   regsvr32.exe   31
  (the same entry is listed 7 times in the report)
Processes
- C:\Windows\system32\regsvr32.exe
  Command line: regsvr32 /s C:\Users\Admin\AppData\Local\Temp\56a9bb0f45dca7980cacf02a116a4a90N.dll
  PID: 2120
  - Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\regsvr32.exe (child of PID 2120)
    Command line: /s C:\Users\Admin\AppData\Local\Temp\56a9bb0f45dca7980cacf02a116a4a90N.dll
    PID: 2512
    - System Location Discovery: System Language Discovery