Analysis

  • max time kernel
    118s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-09-2024 05:49

General

  • Target

    ArainsToolser/arphadump.dll

  • Size

    7.2MB

  • MD5

    e4ac1288b36eb34ec356012716573a5c

  • SHA1

    dfaf779547b3989d72f75a91dbba20a3a15d4b96

  • SHA256

    9e10d98024db6f6748433918288232cc1e55bea916146729be40dc0e53615393

  • SHA512

    5f6921a62bee16a695215ead02fa10f6ae7ec844c9826a063824487519e03b0c674f6802273f13cb23e1daca2f7e9b9b723359d2b9aa9183821ec1234a334463

  • SSDEEP

    98304:WfGAF3IZQRiTozYnHctd8/YTqOHyjt7ygsOMW6:4uRoznfq1NsM

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\ArainsToolser\arphadump.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2008
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\ArainsToolser\arphadump.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.