Resubmissions
17-08-2024 17:13
240817-vrw6lazdqj 317-08-2024 17:13
240817-vrj62azdnp 317-08-2024 17:06
240817-vmkl1awglg 3Analysis
-
max time kernel
98s -
max time network
123s -
platform
windows11-21h2_x64 -
resource
win11-20240802-en -
resource tags
-
submitted
17-08-2024 17:13
General
-
Target
kms_pico_fake_dll.dll
-
Size
2.4MB
-
MD5
2dd6d74189ce256e6bcb088d7a3ee29c
-
SHA1
47f3618d4f68a8cf1c9eda3b6b18e8b8e721ced3
-
SHA256
fa337f53515da48c0134af74cf3b2d557c562b6ff4a8262bcb347cf4aecbfb4a
-
SHA512
c232e6b3258ca7387b923ca781f84b65490b11570474ea3355083a13dcef0699d16ef370fd04b01befdf6aa39275f2b097f83bc9ac03c06bf8bf1a9fe70ced64
-
SSDEEP
49152:Dh39oIisk10LW6O+eTFtQkhBTK0oxjzTqNdj4lt+IIf+vjxV4Ye3X:DEf10LteTFikhBTK0kXTqjj4l3vHy3
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kms_pico_fake_dll.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\kms_pico_fake_dll.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 7963⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3488 -ip 34881⤵