Analysis
max time kernel
139s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags
arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
submitted
09/08/2024, 21:46
Static task
static1
Behavioral task
behavioral1
Sample
5aae6c002f2dc1da2373a8a3f786a453526d38aaf52fec666454e3070d9915e8.dll
Resource
win10v2004-20240802-en
General
Target
5aae6c002f2dc1da2373a8a3f786a453526d38aaf52fec666454e3070d9915e8.dll
Size
1.4MB
MD5
d0eb1142b2fe26d73304c8063d5b9cae
SHA1
703107c48992eb7c5cc9b052bd71da16a20ac77e
SHA256
5aae6c002f2dc1da2373a8a3f786a453526d38aaf52fec666454e3070d9915e8
SHA512
b3d3cffb2910fc5d585a291baaa5ad61716d69497e95333db41aca1be1df372247069f3254f7d2d766745606dae9e91898b12d1780d2a07d9cb00e5def4de0a9
SSDEEP
6144:pL+mPpIKPsQZ1y5v0CEGfBQJJJeYfmQVDLT4fxLUefqWbvMpnX3t5oEihpHGa4cb:vyJBmJJeYfdqUevYt5qUcb
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
| description | ioc | Process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe |
Suspicious use of WriteProcessMemory 3 IoCs
| description | pid | Process | procid_target |
| --- | --- | --- | --- |
| PID 4272 wrote to memory of 4740 | 4272 | rundll32.exe | 87 |
| PID 4272 wrote to memory of 4740 | 4272 | rundll32.exe | 87 |
| PID 4272 wrote to memory of 4740 | 4272 | rundll32.exe | 87 |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aae6c002f2dc1da2373a8a3f786a453526d38aaf52fec666454e3070d9915e8.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:4272
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5aae6c002f2dc1da2373a8a3f786a453526d38aaf52fec666454e3070d9915e8.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:4740