Analysis
-
max time kernel
121s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
28-09-2024 18:51
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
General
-
Target
114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323.dll
-
Size
1.0MB
-
MD5
e909718353327e160e98e242745d2d3a
-
SHA1
e44d98a891a607508dc531b5a8d58fb23e045ae7
-
SHA256
114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323
-
SHA512
0b74e4a9cd26b4bb73963f795ddd6898304143f6de3accda75a82d54c8e52e1fac9bdc0e9f468d70d8b9f4f3e010e4624672c6ea85f18e88765ff55510f8b3d8
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYY2:o6RI1Fo/wT3cJYYYYYYYYYYYY2
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 1964 wrote to memory of 2664 1964 rundll32.exe 30 PID 1964 wrote to memory of 2664 1964 rundll32.exe 30 PID 1964 wrote to memory of 2664 1964 rundll32.exe 30 PID 1964 wrote to memory of 2664 1964 rundll32.exe 30 PID 1964 wrote to memory of 2664 1964 rundll32.exe 30 PID 1964 wrote to memory of 2664 1964 rundll32.exe 30 PID 1964 wrote to memory of 2664 1964 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1964 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\114930b482d50e712e8a50bc3df4ffc5cbc6d16ff0307a2a9873c7b8b2703323.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2664
-