f2ec52d54c1fec3acad6c293be6d2079aba6920351b222ff08d1b26b39721a8d

Analysis

max time kernel
132s
max time network
136s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
24/08/2024, 15:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

123/AlitunWrap.dll
Size

500KB
MD5

c7e766d1ea5500ac256441c409d07bc2
SHA1

3b3f8c2622396f28c9967ef3727bd366fb910f2a
SHA256

1d1ab7c69866a1e2ddda7b96f5c03667823d80c4a85e7935398da001812fffac
SHA512

2bda2fbd552fb70b11dd518196484bf6ca09f9857ab030aad57cf571a7cb772364b836d02c166892ac994908f5c17eef05192e53751bf2a45232909d0e8f92ea
SSDEEP

12288:hw/1l2eOOZ/Ql5ZWIvHdHl7EX0JbRoFO1fSBidWqYyCnwaXq/SnGxQ:hakdHldbXfSIWq8nwYq/PxQ

Score

3^/10

discovery

Malware Config

Signatures

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4172	1908	WerFault.exe	73

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3788 wrote to memory of 1908	3788	rundll32.exe	73
PID 3788 wrote to memory of 1908	3788	rundll32.exe	73
PID 3788 wrote to memory of 1908	3788	rundll32.exe	73

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\123\AlitunWrap.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3788
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\123\AlitunWrap.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1908
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 744
    3⤵
    - Program crash
    PID:4172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads