Analysis
-
max time kernel
13s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
05-08-2024 13:07
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
92e6c86fcb6a0adc71f0fd2608a3ebe0N.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
120 seconds
General
-
Target
92e6c86fcb6a0adc71f0fd2608a3ebe0N.dll
-
Size
719KB
-
MD5
92e6c86fcb6a0adc71f0fd2608a3ebe0
-
SHA1
f304ab1b860a2c57d3ea09f86ddf9701eb1a4e31
-
SHA256
6d56d33acc294d1f270b4595234370f638400540477911b37cf508cf4a20abc3
-
SHA512
3815d14ffdfca7843584e714fde70f764391b73fe68e603c09fe318c58258afd4c6217f187afc463c56de9082b22f8aa8c286bd2135b667c06c30c2005207479
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYr:o6RI1Fo/wT3cJYYYYYYYYYYYYr
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2172 wrote to memory of 2556 2172 rundll32.exe 29 PID 2172 wrote to memory of 2556 2172 rundll32.exe 29 PID 2172 wrote to memory of 2556 2172 rundll32.exe 29 PID 2172 wrote to memory of 2556 2172 rundll32.exe 29 PID 2172 wrote to memory of 2556 2172 rundll32.exe 29 PID 2172 wrote to memory of 2556 2172 rundll32.exe 29 PID 2172 wrote to memory of 2556 2172 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\92e6c86fcb6a0adc71f0fd2608a3ebe0N.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2172 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\92e6c86fcb6a0adc71f0fd2608a3ebe0N.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2556
-