Analysis
-
max time kernel
15s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
04-08-2024 17:09
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
f4f2fb1616b7ac5d4de49aca70972c10N.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
120 seconds
General
-
Target
f4f2fb1616b7ac5d4de49aca70972c10N.dll
-
Size
1.0MB
-
MD5
f4f2fb1616b7ac5d4de49aca70972c10
-
SHA1
431977ae9b1060311e78f935d3c4266ba1eb4f7f
-
SHA256
37eb0a8cdac8124adac82bbd7c6331b36db3bc46c510fe8cea74451666c5231a
-
SHA512
16cc66c90bfa3567f8a606077bf713473548204f5bb7f16c757773fceb3fbd075452bf478b2b01d3c7b16a61d7fb1c74be044b4bb6e9ab39ca67aac017c53da1
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY6:o6RI1Fo/wT3cJYYYYYYYYYYYY6
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2212 wrote to memory of 2004 2212 rundll32.exe 30 PID 2212 wrote to memory of 2004 2212 rundll32.exe 30 PID 2212 wrote to memory of 2004 2212 rundll32.exe 30 PID 2212 wrote to memory of 2004 2212 rundll32.exe 30 PID 2212 wrote to memory of 2004 2212 rundll32.exe 30 PID 2212 wrote to memory of 2004 2212 rundll32.exe 30 PID 2212 wrote to memory of 2004 2212 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f4f2fb1616b7ac5d4de49aca70972c10N.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2212 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\f4f2fb1616b7ac5d4de49aca70972c10N.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2004
-