Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
14/09/2024, 23:42
General
-
Target
9dec1864df1517bdd6c4d4056d780070N.dll
-
Size
47KB
-
MD5
9dec1864df1517bdd6c4d4056d780070
-
SHA1
93611f92254ea1dedf95b6047e18a4dd4e1b83d6
-
SHA256
e1d60f63d87312822b420047ec43d6db1d77b7658a565f756072566545edadea
-
SHA512
1914cfcfd0f00ba5ec2d7b58cc62a115e601c26b427b827451d7e23207859617b108dfa3b13c37ceb8a9baedcbf9f760f8b9ce810cda487c52121b2f77d7a983
-
SSDEEP
768:1MCeKbqWNGyWyzA1Cb8qzIaqotfUF9Wbdk1YoMRG6RJI:1MCLZNYyzUQftf09uRG6J
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 11 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\9dec1864df1517bdd6c4d4056d780070N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\9dec1864df1517bdd6c4d4056d780070N.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 2243⤵
- Program crash
-
-