6c66e484a2fa3a51f556e6fd9f894bd5445e952c7c669ef43a85f23ab98ff3fc

Analysis

max time kernel
144s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
20-08-2024 17:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WallHack PB Windows 7 28.10.2011/System32/msvcp100d.dll
Size

725KB
MD5

d9b66b1509639cc71ddc703225c65823
SHA1

143d65a3f90c19ea57fd902f35c4d5ca87db2c1f
SHA256

555eb31b526096c6f6a3b6ee768dad1c1ef5cb8f0165071673164d64e7063f61
SHA512

623c60b12e5ba64d6f507766c273989d2c01aacfc5764e597cfcdb2e7c98d41359e107ff309418062ab1df78af764145a28d855637f3ebff51e8dce548cfe718
SSDEEP

12288:C6NK3D/KRhB6y8C6y8I8cLzoyiM9z69Pw9Pj9PAJFxNZVBdplrLg55JFxNZVBdpe:C6NK3D/28cLC2ekwhyO5qa6v3Ooc8UHx

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

rundll32.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 3252 wrote to memory of 1660	3252	rundll32.exe	84
PID 3252 wrote to memory of 1660	3252	rundll32.exe	84
PID 3252 wrote to memory of 1660	3252	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WallHack PB Windows 7 28.10.2011\System32\msvcp100d.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\WallHack PB Windows 7 28.10.2011\System32\msvcp100d.dll",#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads