Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 11-09-2024 11:13
Static task: static1
Behavioral task: behavioral1
  Sample: b499f9290495e5e404e79573c3478d93b5c58d306812806fc5016d4c463edacb.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: b499f9290495e5e404e79573c3478d93b5c58d306812806fc5016d4c463edacb.dll
  Resource: win10v2004-20240802-en
General
Target: b499f9290495e5e404e79573c3478d93b5c58d306812806fc5016d4c463edacb.dll
Size: 7.0MB
MD5: 278cb5046d7aadfb0966159c80f72b8b
SHA1: 5f2b9aa5612832c8b39dd282c6f5f59f86b91915
SHA256: b499f9290495e5e404e79573c3478d93b5c58d306812806fc5016d4c463edacb
SHA512: e54fdbdf2439f4e6df2a34b55592c4b306ff1b4cc2c03b1137da96443c9a70b7618aaf22501f4946cda5e7a0103da73753e55509b9505c4ee70346308398896b
SSDEEP: 98304:5W3iKD6FqceKujylxXJKvNYdgft51AV4ohU1uOAxTqI:5iYNXJKvNQgS4o7xTq
Malware Config
Signatures

Loads dropped DLL (2 IoCs)
  pid   Process
  2764  rundll32.exe
  2764  rundll32.exe

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                           Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   rundll32.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
  pid   Process
  2764  rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                          pid   Process       procid_target
  PID 2728 wrote to memory of 2764     2728  rundll32.exe  30
  PID 2728 wrote to memory of 2764     2728  rundll32.exe  30
  PID 2728 wrote to memory of 2764     2728  rundll32.exe  30
  PID 2728 wrote to memory of 2764     2728  rundll32.exe  30
  PID 2728 wrote to memory of 2764     2728  rundll32.exe  30
  PID 2728 wrote to memory of 2764     2728  rundll32.exe  30
  PID 2728 wrote to memory of 2764     2728  rundll32.exe  30
Processes

1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b499f9290495e5e404e79573c3478d93b5c58d306812806fc5016d4c463edacb.dll,#1
   PID: 2728
   Signatures:
     - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\rundll32.exe (child of process 1)
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\b499f9290495e5e404e79573c3478d93b5c58d306812806fc5016d4c463edacb.dll,#1
      PID: 2764
      Signatures:
        - Loads dropped DLL
        - System Location Discovery: System Language Discovery
        - Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 1.4MB
MD5: ff5c63efbba91a0eec9fc645da655b4c
SHA1: d225ceff3601b57add69df7d854b2348a8980255
SHA256: e1fbb97ff3607d569d584f78ce77a9dd2cf64dca05aebdbf3e55c9711e07b3be
SHA512: 96b963823d7a28e4d4ecd703aa26ad3d3e1d4086e09a4cc08ca88c30c9b8ceb42b7daf184e33b9175f87a566e78028cca3e6ab90ed6537598677f27b15eefce5

Filesize: 264KB
MD5: e0cd0800a00d51025968d778d0e6b2b3
SHA1: cbba62613c441e94d2f4add503436f26d2af2f21
SHA256: b4434b408409d36d8e0d0bcf41ad804d02fdee96bc7f8255105380bfcec0d1f5
SHA512: 633427c9573019c63fe50769bf78955eb9ceac6a8d47aaf6bcf57704dc26166fd657bfdfb7a7809a3353e8cd642dc9a011454c7d83c76eb9eca2e79d7fa74856