Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
-
submitted
07-08-2024 02:09
General
-
Target
c7b250ca3e9d93ab40d2bd8de1a2db870b81b5b3862e175d24b87e268ebd8c61.dll
-
Size
29.2MB
-
MD5
383af21914c97e9ed0072c44adf4ceb5
-
SHA1
4524cf2febb5de3ca1081a31c5891159c97dedf4
-
SHA256
c7b250ca3e9d93ab40d2bd8de1a2db870b81b5b3862e175d24b87e268ebd8c61
-
SHA512
70c3f3bc2a321bab8b65d966f96db817b9edf8a82be2e55ed52eca59e1e1b17a458cb5b06c7d4d382f05df77142546922a933941dc4455655767ad851db8e0a6
-
SSDEEP
786432:GW8vcHMfKjjIVlTRyKVrjqYLEQmdF0ycfjnYgsKmy5:GmTjGtHViYL5m/0ycfLMKv
Score
5/10
Malware Config
Signatures
-
Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c7b250ca3e9d93ab40d2bd8de1a2db870b81b5b3862e175d24b87e268ebd8c61.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\c7b250ca3e9d93ab40d2bd8de1a2db870b81b5b3862e175d24b87e268ebd8c61.dll,#12⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- System Location Discovery: System Language Discovery
-