Analysis
-
max time kernel
98s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
15-08-2024 15:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
fa567a5cd68711bf218f49588279bf10N.dll
Resource
win7-20240705-en
windows7-x64
3 signatures
120 seconds
General
-
Target
fa567a5cd68711bf218f49588279bf10N.dll
-
Size
693KB
-
MD5
fa567a5cd68711bf218f49588279bf10
-
SHA1
3b613845ee3d7e2546fe6c0a9aba7119c93a851e
-
SHA256
87d54e799dec7801594dfa9da88d25bbb04f549b8f42e3da271aabccceec1114
-
SHA512
0ae2ca88db46b707c77deb0db33dc7b1654db7135a9cae28711678cafed314979fb6f5a2c96751dbd458d375bea9b9bb69bef73960112462a177f944ad14f7e9
-
SSDEEP
3072:jDKpt9sSR0HUHPwZWLnWVfEAzV2IJIwTBftpmc+z+f3Q0S:jDgtfRQUHPw06MoV2nwTBlhm8q
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3292 wrote to memory of 3224 3292 rundll32.exe 84 PID 3292 wrote to memory of 3224 3292 rundll32.exe 84 PID 3292 wrote to memory of 3224 3292 rundll32.exe 84
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fa567a5cd68711bf218f49588279bf10N.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3292 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fa567a5cd68711bf218f49588279bf10N.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:3224
-