Analysis

  • max time kernel
    119s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20-08-2024 23:58

General

  • Target

    NERO55/NERO/WAVEEDITOR/VPLUGINS-CHS.dll

  • Size

    84KB

  • MD5

    06fd06cd6975c19277414823cf82daa2

  • SHA1

    c3716029e4c2de532426d4c7cca30990fd5605d2

  • SHA256

    c56e67937709e2373c2f626ba27f498998742012efaa36cd275909ff4ff23b13

  • SHA512

    5c04066d69fbd5f25b27efc1c8e588550e1024363d9a6f6f895f8cdbfea671b7e9397946d36c7cdcf86c75b63e827a7cb6de823b37a8092b249c984d19970425

  • SSDEEP

    768:vo2TVmkf9eD2rytDXS41X2Z/8ontqGUlTvobeBcXsJumW+JYCGXHIdr:Q2TVmkUbDXSWGCotfUps+edXi

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NERO55\NERO\WAVEEDITOR\VPLUGINS-CHS.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2224
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\NERO55\NERO\WAVEEDITOR\VPLUGINS-CHS.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1288

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads