Analysis
-
max time kernel
94s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
11/09/2024, 17:46
General
-
Target
$PLUGINSDIR/INetC.dll
-
Size
21KB
-
MD5
e3a5b9cd4fe661a85a6138849012697f
-
SHA1
c33625c80fd4665f2baf9e4277fce351a628f688
-
SHA256
443b250f166ecb83d9cd2280c5a94ba326cb4d7231dc69be058f86bb76d71f8c
-
SHA512
99a7075b05e66bf062abebf40793aa76fd47e2c2b134795942bff3f73c606a1e635ffc59d58a56ed1dbdde006c772038b3feddd54d6b96ebc93e4cb3f17ee829
-
SSDEEP
384:41a9QNG3/gyv5YZunBV/K+zcgGWhkAOjrp0Ac9khYLMkIX0+GzyeEagY4+:39qGvg4jBV/xIgzhkA1C
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\INetC.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 6243⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 3040 -ip 30401⤵