Analysis
max time kernel: 92s
max time network: 95s
platform: windows10-2004_x64
resource: win10v2004-20240910-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240910-en, locale:en-us, os:windows10-2004-x64, system
submitted: 12/09/2024, 20:21
Static task: static1
Behavioral task: behavioral1
  Sample: d00e612a504b53cf6f73931523fe3250N.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: d00e612a504b53cf6f73931523fe3250N.dll
  Resource: win10v2004-20240910-en
General
Target: d00e612a504b53cf6f73931523fe3250N.dll
Size: 5KB
MD5: d00e612a504b53cf6f73931523fe3250
SHA1: 1c778d2e65d83c5c6c4b78408a25c4d5eb7c3fa4
SHA256: cfcb53b68f44b4f857a704c508d443a2e6e6887d1639ab74bca1a9b4093ac606
SHA512: 3b43e8cba0123064f67660da5c2e746d71a59d970f07a3ad0be56201a627c96383c086845756b9a50d8d189633575bcbbc17fe3c8d60d45df38f24b4d1d023bb
SSDEEP: 96:hy859x0P8Ma9B7BY1XgSgqSTThPZ5g91K:F5oLsB7Ew7Ze
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | process | procid_target
PID 4944 wrote to memory of 2184 | 4944 | rundll32.exe | 83
PID 4944 wrote to memory of 2184 | 4944 | rundll32.exe | 83
PID 4944 wrote to memory of 2184 | 4944 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d00e612a504b53cf6f73931523fe3250N.dll,#1
- Suspicious use of WriteProcessMemory
PID: 4944
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d00e612a504b53cf6f73931523fe3250N.dll,#1
  - System Location Discovery: System Language Discovery
  PID: 2184