Analysis
-
max time kernel
119s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20240910-en -
resource tags
-
submitted
27/09/2024, 18:56
General
-
Target
af046b9f5e2380df8490253570334f14101606d96c958c953fef7307d415bd41N.dll
-
Size
9KB
-
MD5
f00fc32c81f90678d230bb6a67243730
-
SHA1
15169d02443f46e1d87fe09ff95f213dbd25326f
-
SHA256
af046b9f5e2380df8490253570334f14101606d96c958c953fef7307d415bd41
-
SHA512
457aeda1e04296ecb0e0da4c3d958852138fd983501057cd56b8ed68ca0384f20e71dbd3c53a8ee0324aac497fa1e8cc98dcf3c5c30f4f447cb40453bfddc159
-
SSDEEP
192:nrvqijC1qAnS530R/JhrCncDNwxQ8VYNrRYTq3HyAdd8:LbjwqAnxJ9+SNwxzVU2q3r
Score
5/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\af046b9f5e2380df8490253570334f14101606d96c958c953fef7307d415bd41N.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\af046b9f5e2380df8490253570334f14101606d96c958c953fef7307d415bd41N.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
52KB