acbe83c027d51f0b3ba67c9daab07c338f46580abf21e0d497e31cd9929ff206

Analysis

max time kernel
97s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
21/09/2024, 05:04

Target

acbe83c027d51f0b3ba67c9daab07c338f46580abf21e0d497e31cd9929ff206N.dll
Size

4.6MB
MD5

eaae95adb1f75e37ac01b8f0aa0c88d0
SHA1

20713961ed50be8d515686d44a6ed30a526601cd
SHA256

acbe83c027d51f0b3ba67c9daab07c338f46580abf21e0d497e31cd9929ff206
SHA512

8650eeae240d5f7c13065910b4bbcdaaa8c4f98c9ef4e97e5e970c3ed4e26f4c4449c3e045d404a52a9c4702eae82b23769e0efa8c78d56f3c04cfcd8e5e9da1
SSDEEP

98304:2u6vOjpN0H3zgdXgK3c8iBxFs2iqkyyMtFHzkYhAxcikKql3WG:5Bpm2R3ZEtpz5ATkK635

Score

3^/10

discovery

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

System Language Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 3472	3660	rundll32.exe	82
PID 3660 wrote to memory of 3472	3660	rundll32.exe	82
PID 3660 wrote to memory of 3472	3660	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\acbe83c027d51f0b3ba67c9daab07c338f46580abf21e0d497e31cd9929ff206N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\acbe83c027d51f0b3ba67c9daab07c338f46580abf21e0d497e31cd9929ff206N.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3472

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3472-0-0x000000007499D000-0x0000000074C19000-memory.dmp

Filesize
2.5MB

Download
memory/3472-1-0x0000000000BF0000-0x0000000000BF1000-memory.dmp

Filesize
4KB

Download
memory/3472-6-0x0000000074980000-0x00000000750BC000-memory.dmp

Filesize
7.2MB

Download
memory/3472-2-0x0000000074980000-0x00000000750BC000-memory.dmp

Filesize
7.2MB

Download
memory/3472-7-0x0000000074980000-0x00000000750BC000-memory.dmp

Filesize
7.2MB

Download
memory/3472-8-0x000000007499D000-0x0000000074C19000-memory.dmp

Filesize
2.5MB

Download