Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240802-en locale:en-us os:windows10-2004-x64 system
  • submitted
    30-08-2024 08:01

General

  • Target

    mi/tmp/updateagent.dll

  • Size

    2.0MB

  • MD5

    3629dc4d1eb8ecbbe42f4deee407865f

  • SHA1

    99737fc8bd13eb56e3e933b92fc9b4ee65ad4989

  • SHA256

    88a6adc03576cb8e2d5616e47205493195c257f4d12fb832dfd91f8920fc0697

  • SHA512

    9a6ba384d4a880cfb85c63d5a7535d65163a16e51bde45a544b7ca02925a671a3fc4774a2efdc6d962a6b44a7175176bf5313c61fef8d217249c12dbd7b92c4a

  • SSDEEP

    49152:yqRRcz9BPGAfBelw99MFJ6d8NfEz1L9tsDU7akEtlYTr8XdSx+jyfZ0A:tRRcjGAfBelw9OFwd8Ncz3+DU7C/grBr

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\mi\tmp\updateagent.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:3228
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\mi\tmp\updateagent.dll,#1
      • System Location Discovery: System Language Discovery
      PID:4468

Network

MITRE ATT&CK Enterprise v15
