Overview

overview

7

Static

static

3

e275e8febf...37.exe

windows7-x64

7

e275e8febf...37.exe

windows10-2004-x64

7

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...fo.dll

windows7-x64

3

$PLUGINSDI...fo.dll

windows10-2004-x64

3

$SYSDIR/CEA_Crypt.dll

windows7-x64

3

$SYSDIR/CEA_Crypt.dll

windows10-2004-x64

3

$SYSDIR/FT...nk.dll

windows7-x64

3

$SYSDIR/FT...nk.dll

windows10-2004-x64

3

$SYSDIR/In...11.dll

windows7-x64

3

$SYSDIR/In...11.dll

windows10-2004-x64

3

$SYSDIR/In..._s.dll

windows7-x64

3

$SYSDIR/In..._s.dll

windows10-2004-x64

3

$SYSDIR/Pa...rl.dll

windows7-x64

5

$SYSDIR/Pa...rl.dll

windows10-2004-x64

5

$SYSDIR/Pa...rl.dll

windows7-x64

5

$SYSDIR/Pa...rl.dll

windows10-2004-x64

5

$SYSDIR/Pa...ns.exe

windows7-x64

3

$SYSDIR/Pa...ns.exe

windows10-2004-x64

3

$SYSDIR/Pa...64.dll

windows7-x64

7

$SYSDIR/Pa...64.dll

windows10-2004-x64

5

$SYSDIR/Pa...ns.exe

windows7-x64

3

$SYSDIR/Pa...ns.exe

windows10-2004-x64

3

$SYSDIR/pa...ns.exe

windows7-x64

3

$SYSDIR/pa...ns.exe

windows10-2004-x64

3

$SYSDIR/pr...RA.dll

windows7-x64

3

$SYSDIR/pr...RA.dll

windows10-2004-x64

3

$SYSDIR/stwebdll.dll

windows7-x64

3

$SYSDIR/stwebdll.dll

windows10-2004-x64

3

$TEMP/EsWe...it.exe

windows7-x64

7

$TEMP/EsWe...it.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/08/2024, 06:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $SYSDIR/InterPass2000P11_s.dll

  • Size

    10KB

  • MD5

    6b27956ba886ee230281d205e09e91a9

  • SHA1

    d5c7d9297df241b52573d03185a66528a84f5488

  • SHA256

    3df383f4b0195620badc0bb9f5e1d86ebdb4975b60da4b910a26fee9b4af474f

  • SHA512

    e7b9d770ef04dda2c2cf144c218851b2b933d59395caff6594e70d0d71db4a78319a51bcbd3479668ab7dad56acee4a24cc3c4206186ad6cc91f5314a498212a

  • SSDEEP

    96:Dpn00KCDOVnXB+im0KcOqW/PLZISj0epuVuw6YQCcTvka9IN80KIbWUksykajqq1:PAXBRQC3a9C8nZUadXe/09OFH

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\InterPass2000P11_s.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2004
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$SYSDIR\InterPass2000P11_s.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads