Resubmissions
03-08-2024 19:46
240803-yg8nestbqr 1003-08-2024 19:44
240803-ygbcxsxhld 603-08-2024 19:41
240803-yd6pnaxgpa 6Analysis
-
max time kernel
133s -
max time network
124s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
03-08-2024 19:41
General
-
Target
win-airplay/libplist.dll
-
Size
69KB
-
MD5
3884ca71f0a70645cb844c5baba40f40
-
SHA1
c87b47d9049d486d68b9fc07357224b45aea1bf8
-
SHA256
362b2f4a8d6e8e50dfee53c11cf633736198c1dbfb1267202b6ec29c8a8b1208
-
SHA512
cf28442650e1673e34a6144fc2149b9fc493394adb7fedb7759a8e321ea956d2b18f228169cf2b3559737a583a8cae5996d32f4098f91ae69df8a2e6eeccc0a6
-
SSDEEP
768:Uec8KDLi9V4HDjqpX/liWP7Oq8ElrMAulUX/W+1jqZmdIZz3c3v3ItDSJjm:oLQV4HDjqptKE2Aos/W+Fqph3kv3ECS
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\win-airplay\libplist.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\win-airplay\libplist.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 4483⤵
- Program crash
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1180 -ip 11801⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/1180-0-0x0000000063F00000-0x0000000063F18000-memory.dmpFilesize
96KB