Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
  • submitted
    19-08-2024 20:25

General

  • Target

    $_3_/EQShellUI.dll

  • Size

    887KB

  • MD5

    34565747f024ea74131bd5dfff032f0c

  • SHA1

    d57b74e6e8c601f1e5b16db31ab4e02358ee65cc

  • SHA256

    d95cf1b324c353aa239883e6b9164dd7dbc320d87b3970cf3e0e024f776f7cb9

  • SHA512

    a60287c30e65960c8b90510d307dc3279de2c7373e1b6b37c85e8c259e69ba68a58c62a0757b50f7c5e8175df7c2dd566cc862e2fbf2c893400dbf2f2e8124f9

  • SSDEEP

    24576:S1IAtAy4VV9OpN1PZtxgVZZsuGgoPgJmPcCGU2mQmcVN9hNiwYv0dy5006PK7Etv:pSAHtqZtxgVZZsuGgoPgJmP9MHJYv0dR

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 55 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$_3_\EQShellUI.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2152
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$_3_\EQShellUI.dll
      2⤵
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:304

Network

MITRE ATT&CK Enterprise v15
