Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28-09-2024 07:11

General

  • Target

    Ns/PCICHEK.dll

  • Size

    14KB

  • MD5

    3aabcd7c81425b3b9327a2bf643251c6

  • SHA1

    ea841199baa7307280fc9e4688ac75e5624f2181

  • SHA256

    0cff893b1e7716d09fb74b7a0313b78a09f3f48c586d31fc5f830bd72ce8331f

  • SHA512

    97605b07be34948541462000345f1e8f9a9134d139448d4f331cefeeca6dad51c025fcab09d182b86e5a4a8e2f9412b3745ec86b514b0523497c821cb6b8c592

  • SSDEEP

    192:uuYr6062b6Z1HVF6RRHXPPr+13fnYe+PjPIrI9FlP4r9ZCspE+TMlr78Vkf:uuYe72u6r+5nYPL7NheMr

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Ns\PCICHEK.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:704
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Ns\PCICHEK.dll,#1
      • System Location Discovery: System Language Discovery
      PID:1728

Network

MITRE ATT&CK Enterprise v15
