Overview
overview
10Static
static
3FileApp.exe
windows7-x64
10FileApp.exe
windows10-2004-x64
7mi/CbsCore.dll
windows10-2004-x64
3mi/libglib-2.0-0.dll
windows7-x64
3mi/libglib-2.0-0.dll
windows10-2004-x64
3mi/meshsystem.dll
windows7-x64
1mi/meshsystem.dll
windows10-2004-x64
1mi/tmp/Pre...re.dll
windows7-x64
3mi/tmp/Pre...re.dll
windows10-2004-x64
3mi/tmp/cmi...rt.dll
windows10-2004-x64
3mi/tmp/msc...ks.dll
windows7-x64
3mi/tmp/msc...ks.dll
windows10-2004-x64
3mi/tmp/upd...nt.dll
windows10-2004-x64
3mi/wcp.dll
windows10-2004-x64
3Analysis
-
max time kernel
148s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
30-08-2024 08:01
Static task
static1
Behavioral task
behavioral1
Sample
FileApp.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
FileApp.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
mi/CbsCore.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral4
Sample
mi/libglib-2.0-0.dll
Resource
win7-20240705-en
Behavioral task
behavioral5
Sample
mi/libglib-2.0-0.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral6
Sample
mi/meshsystem.dll
Resource
win7-20240704-en
Behavioral task
behavioral7
Sample
mi/meshsystem.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral8
Sample
mi/tmp/PresentationCore.dll
Resource
win7-20240704-en
Behavioral task
behavioral9
Sample
mi/tmp/PresentationCore.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral10
Sample
mi/tmp/cmiaisupport.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral11
Sample
mi/tmp/mscordacwks.dll
Resource
win7-20240729-en
Behavioral task
behavioral12
Sample
mi/tmp/mscordacwks.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral13
Sample
mi/tmp/updateagent.dll
Resource
win10v2004-20240802-en
Behavioral task
behavioral14
Sample
mi/wcp.dll
Resource
win10v2004-20240802-en
General
-
Target
mi/tmp/updateagent.dll
-
Size
2.0MB
-
MD5
3629dc4d1eb8ecbbe42f4deee407865f
-
SHA1
99737fc8bd13eb56e3e933b92fc9b4ee65ad4989
-
SHA256
88a6adc03576cb8e2d5616e47205493195c257f4d12fb832dfd91f8920fc0697
-
SHA512
9a6ba384d4a880cfb85c63d5a7535d65163a16e51bde45a544b7ca02925a671a3fc4774a2efdc6d962a6b44a7175176bf5313c61fef8d217249c12dbd7b92c4a
-
SSDEEP
49152:yqRRcz9BPGAfBelw99MFJ6d8NfEz1L9tsDU7akEtlYTr8XdSx+jyfZ0A:tRRcjGAfBelw9OFwd8Ncz3+DU7C/grBr
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
rundll32.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
rundll32.exedescription pid process target process PID 3228 wrote to memory of 4468 3228 rundll32.exe rundll32.exe PID 3228 wrote to memory of 4468 3228 rundll32.exe rundll32.exe PID 3228 wrote to memory of 4468 3228 rundll32.exe rundll32.exe
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\mi\tmp\updateagent.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3228 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\mi\tmp\updateagent.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:4468