Analysis
  max time kernel:  122s
  max time network: 123s
  platform:         windows7_x64
  resource:         win7-20240903-en
  resource tags:    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  submitted:        27-09-2024 13:51
Behavioral tasks
  behavioral1
    Sample:   c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd.dll
    Resource: win7-20240903-en
  behavioral2
    Sample:   c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd.dll
    Resource: win10v2004-20240802-en
General
  Target: c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd.dll
  Size:   164KB
  MD5:    81d10b00af8c31044ea7aa32e4958625
  SHA1:   2ae88e4d130eb6e57f6b03a8264f11d1a6fdfdcf
  SHA256: c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd
  SHA512: aabd830b5a342cbb67fbc76afe9d87acf1088b0309d4350b7bc28ba7d214f2cc667a790cba9e6fd283773180daab37e0d42ef4bacccb4ad1a493fa7675f8bb3e
  SSDEEP: 3072:v0XoUeZ/DVS8L73ea4MoCLfqQvFfDPGPWuUgR:veoUeZR2TRCWQFfDGMg
Malware Config

Signatures
  System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
    description   ioc                                                            Process
    Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    rundll32.exe

  Suspicious use of WriteProcessMemory (7 IoCs)
    description                        pid   Process        procid_target
    PID 276 wrote to memory of 2348    276   rundll32.exe   31
    PID 276 wrote to memory of 2348    276   rundll32.exe   31
    PID 276 wrote to memory of 2348    276   rundll32.exe   31
    PID 276 wrote to memory of 2348    276   rundll32.exe   31
    PID 276 wrote to memory of 2348    276   rundll32.exe   31
    PID 276 wrote to memory of 2348    276   rundll32.exe   31
    PID 276 wrote to memory of 2348    276   rundll32.exe   31
Processes
  C:\Windows\system32\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd.dll,#1
    PID:          276
    signatures:   Suspicious use of WriteProcessMemory
  C:\Windows\SysWOW64\rundll32.exe
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\c35f35a9e54f35375bc2f72842d038c4121a5cc6314ac7cbabca6a8dc463cfcd.dll,#1
    PID:          2348
    signatures:   System Location Discovery: System Language Discovery