Analysis
  max time kernel: 119s
  max time network: 120s
  platform: windows7_x64
  resource: win7-20240903-en
  resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted: 12/09/2024, 20:21
Static task
  static1
Behavioral task
  behavioral1
  Sample: d00e612a504b53cf6f73931523fe3250N.dll
  Resource: win7-20240903-en
Behavioral task
  behavioral2
  Sample: d00e612a504b53cf6f73931523fe3250N.dll
  Resource: win10v2004-20240910-en
General
  Target: d00e612a504b53cf6f73931523fe3250N.dll
  Size: 5KB
  MD5: d00e612a504b53cf6f73931523fe3250
  SHA1: 1c778d2e65d83c5c6c4b78408a25c4d5eb7c3fa4
  SHA256: cfcb53b68f44b4f857a704c508d443a2e6e6887d1639ab74bca1a9b4093ac606
  SHA512: 3b43e8cba0123064f67660da5c2e746d71a59d970f07a3ad0be56201a627c96383c086845756b9a50d8d189633575bcbbc17fe3c8d60d45df38f24b4d1d023bb
  SSDEEP: 96:hy859x0P8Ma9B7BY1XgSgqSTThPZ5g91K:F5oLsB7Ew7Ze
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc                                                         | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Suspicious use of WriteProcessMemory (7 IoCs)
  description                      | pid  | Process      | procid_target
  PID 2420 wrote to memory of 1036 | 2420 | rundll32.exe | 30
  PID 2420 wrote to memory of 1036 | 2420 | rundll32.exe | 30
  PID 2420 wrote to memory of 1036 | 2420 | rundll32.exe | 30
  PID 2420 wrote to memory of 1036 | 2420 | rundll32.exe | 30
  PID 2420 wrote to memory of 1036 | 2420 | rundll32.exe | 30
  PID 2420 wrote to memory of 1036 | 2420 | rundll32.exe | 30
  PID 2420 wrote to memory of 1036 | 2420 | rundll32.exe | 30
Processes
  C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d00e612a504b53cf6f73931523fe3250N.dll,#1
    - Suspicious use of WriteProcessMemory
    PID: 2420
    C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\d00e612a504b53cf6f73931523fe3250N.dll,#1
      - System Location Discovery: System Language Discovery
      PID: 1036