Overview

overview

3

Static

static

3

4d1352cc74...e1.dll

windows7-x64

3

4d1352cc74...e1.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    12s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    19/08/2024, 13:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4d1352cc7468b6475de126f7874d1bcd772336d8d761523932d392b982e7cfe1.dll

  • Size

    911KB

  • MD5

    a4f42f71af9e05e12c26b59b1cc9e10c

  • SHA1

    5ae7ed7395e2959bb9919f13945f3c5900868ccb

  • SHA256

    4d1352cc7468b6475de126f7874d1bcd772336d8d761523932d392b982e7cfe1

  • SHA512

    10aca5fb3d57759ff69ef0e6a518ee9e925483d51114f4c96ba56da257871c1e423aecef9098ad19eba06e9eb225f38e2965eef08b38f372b584eea61678141b

  • SSDEEP

    12288:lwFKL4Q6mBszgCfYtSqaxrbIczIBja3yykhvHmJNK6GycoXIZOzyi:lwFm4QSzvfESqiIIIB3mn4yLXsOGi

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1352cc7468b6475de126f7874d1bcd772336d8d761523932d392b982e7cfe1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1272
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1352cc7468b6475de126f7874d1bcd772336d8d761523932d392b982e7cfe1.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of SetWindowsHookEx
      PID:1828

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads