Analysis
max time kernel: 17s
max time network: 18s
platform: windows7_x64
resource: win7-20240705-en
resource tags: arch:x64, arch:x86, image:win7-20240705-en, locale:en-us, os:windows7-x64, system
submitted: 16-08-2024 16:04

Static task: static1
Behavioral task: behavioral1
Sample: 99f58ab2d04f94c150d8a256858f6420N.dll
Resource: win7-20240705-en
2 signatures, 120 seconds
General
Target: 99f58ab2d04f94c150d8a256858f6420N.dll
Size: 4.0MB
MD5: 99f58ab2d04f94c150d8a256858f6420
SHA1: c06092535c7d897e096e449d1f01cac654c3a5b1
SHA256: 37ab609349ba4c858c6e3487a24a431c450798e3d9dc7a13b22f08ae5fb6a58c
SHA512: 884df307414f40d5764dbaf4e817d203391c20f50f8156acf2c43cdb2cbeafc680134cf7686819b0405c8eab63370691cf8895dc7df1caaf34693884877f20e6
SSDEEP: 49152:2L4EbUvu5jL53soP+DaOVv8pHIARyHqinLMTPfuQ1TAvO/HGzQkQSdaI:2L4AfsLv5AkH7LMruQSyHlkQSX
Score: 3/10
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes: rundll32.exe
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
Processes: rundll32.exe
description | pid | Process | procid_target
PID 828 wrote to memory of 2516 | 828 | rundll32.exe | 29 (this identical entry is recorded 7 times)
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\99f58ab2d04f94c150d8a256858f6420N.dll,#1
   PID: 828
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe (child of 1)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\99f58ab2d04f94c150d8a256858f6420N.dll,#1
      PID: 2516
      Signatures: System Location Discovery: System Language Discovery