35c0c7dace57f970935856a0b881e6bcbad0c85a811bc00f41410394222801af

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
14/08/2024, 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cb3a88b928b3e125c6f002b05b408d10N.dll
Size

3KB
MD5

cb3a88b928b3e125c6f002b05b408d10
SHA1

15fa3e75145cb324b76cb234df78d1aa3da61846
SHA256

35c0c7dace57f970935856a0b881e6bcbad0c85a811bc00f41410394222801af
SHA512

e47e1dac2656abf155d8ab1dd3b7d1781224928150d2eb6b39dbdbcabc8dc85213af88771066601fc1d5b378a4f0924851199d671663aade98db5e5951449778

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2864	2852	rundll32.exe	30
PID 2852 wrote to memory of 2864	2852	rundll32.exe	30
PID 2852 wrote to memory of 2864	2852	rundll32.exe	30
PID 2852 wrote to memory of 2864	2852	rundll32.exe	30
PID 2852 wrote to memory of 2864	2852	rundll32.exe	30
PID 2852 wrote to memory of 2864	2852	rundll32.exe	30
PID 2852 wrote to memory of 2864	2852	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb3a88b928b3e125c6f002b05b408d10N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb3a88b928b3e125c6f002b05b408d10N.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...