d9ccc2ca34b59d0a0e7e73a9aab832a697483ed1507edc861c28069b05481d30

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07/09/2024, 05:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

plugins/libaccess_http_plugin.dll
Size

86KB
MD5

ebc817ab465eabd8102be2a738441f67
SHA1

267ebb18213fd680cbfd5fae845999f3e830d969
SHA256

c70530d14c76b73a7982a58939982d8f7c09fac8fc7f2c8b6b97973359ff6fa4
SHA512

26556228b84e05ad211e8374e907d84ae1eda887ebd2195cf8ca64529cc6efe9b71d4f25d597dba5bee2d02edda81dce63a98735b2c9b7455344b60fda1d6895
SSDEEP

1536:8mLn6JUrMdeWL9vxhPfzw9ZfMfhNOXcSMmKXgylvu+V/9Qd5S0KIOpnToIf7jL:8yWUwZLxxhP7qpH4pXgydu+V/qdoBTBf

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 2416	2352	rundll32.exe	29
PID 2352 wrote to memory of 2416	2352	rundll32.exe	29
PID 2352 wrote to memory of 2416	2352	rundll32.exe	29
PID 2352 wrote to memory of 2416	2352	rundll32.exe	29
PID 2352 wrote to memory of 2416	2352	rundll32.exe	29
PID 2352 wrote to memory of 2416	2352	rundll32.exe	29
PID 2352 wrote to memory of 2416	2352	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\libaccess_http_plugin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\libaccess_http_plugin.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads