e232359fdbaa1d46dcf56a5715a0ba4c700c93fb310f551a4a3afa912afdaed1

Analysis

max time kernel
214s
max time network
288s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
06-09-2024 19:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Calamari/sxlib.dll
Size

864KB
MD5

d00e1627d7536022dd81aeb27577221c
SHA1

56a1f78e5acc89b97b02652f61a154265511ffcf
SHA256

904a9329bf56d110adec486f37411831a1148934a5ca4bbff9e33a1ca8ce5bcb
SHA512

d7cb95dd515f1edfde7e17681563bf5b709ac06f33805ce70dbcb76aca4ee34061c5201a54e1a92d67a1fb8f59512c8a64fcbb201fc88e5536001e40489dab69
SSDEEP

12288:EnfEbmXVMomkzPuY6TZNPERW1v+wUGx6tEhPaZLuabPIkLOh/1K9FaUQmUFv7SZR:WhziXGGv+T8wECFIMOYHUv7S/WkuvA

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5276 wrote to memory of 5348	5276	rundll32.exe	79
PID 5276 wrote to memory of 5348	5276	rundll32.exe	79
PID 5276 wrote to memory of 5348	5276	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Calamari\sxlib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Calamari\sxlib.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads