d82203c449ba4f51194a32b50a7145ba0390c9ee696c6c2f9681b0e9e51fbd70

Analysis

max time kernel
93s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-09-2024 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c2fd4511efc73af0503585d73bc32e70617258c27462d0fde94828058ae69708.dll
Size

305KB
MD5

57b5ef3bc6d3d755a4cf5604c09d5f28
SHA1

bf9a33809c53b1baedd41f2bce95bdbf52e83fab
SHA256

c2fd4511efc73af0503585d73bc32e70617258c27462d0fde94828058ae69708
SHA512

4eb3da8216f1a5b55a0f41bb99068c729a1f48458c310f2a17031b69dc1e057fe9b68f5ed6efb086c58ac08e3bb891f274096e155050de1e4421f8e3f6d6ed6b
SSDEEP

3072:ce7K5ucfEsXEsVe7K5ucfEsJEsXEsVe7K5ucf:R7K5uQZXZU7K5uQZJZXZU7K5uE

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4372 wrote to memory of 3220	4372	rundll32.exe	83
PID 4372 wrote to memory of 3220	4372	rundll32.exe	83
PID 4372 wrote to memory of 3220	4372	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2fd4511efc73af0503585d73bc32e70617258c27462d0fde94828058ae69708.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c2fd4511efc73af0503585d73bc32e70617258c27462d0fde94828058ae69708.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads