Analysis
-
max time kernel
14s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system -
submitted
21-08-2024 09:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
b7b83f78ec33ccaa600deb9fa1a3fe20N.dll
Resource
win7-20240704-en
windows7-x64
3 signatures
120 seconds
General
-
Target
b7b83f78ec33ccaa600deb9fa1a3fe20N.dll
-
Size
509KB
-
MD5
b7b83f78ec33ccaa600deb9fa1a3fe20
-
SHA1
92c5b3131748995aa6a4657d5783143f657f9b3b
-
SHA256
feb0b3426cae63c3fb8dee24101741ed65c366948e2494eeb161f2a790cf1e8b
-
SHA512
71720dea439c18ce56d0777fe13cb486db70ad415eb55358f51bdbedae6539708746955d1b61f50d2dd9b9f280d386a19bc5e07cd83486049dd56cbc4253527c
-
SSDEEP
3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZD+:o6C5AXbMn7UI1FoV2gwTBlrIckPo
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 900 wrote to memory of 3012 900 rundll32.exe 29 PID 900 wrote to memory of 3012 900 rundll32.exe 29 PID 900 wrote to memory of 3012 900 rundll32.exe 29 PID 900 wrote to memory of 3012 900 rundll32.exe 29 PID 900 wrote to memory of 3012 900 rundll32.exe 29 PID 900 wrote to memory of 3012 900 rundll32.exe 29 PID 900 wrote to memory of 3012 900 rundll32.exe 29
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b7b83f78ec33ccaa600deb9fa1a3fe20N.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:900 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\b7b83f78ec33ccaa600deb9fa1a3fe20N.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:3012
-