dc811cc216e3cf694ac24841ea7df9df90175608af5a413070f58f685ecea10a

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
01/10/2024, 21:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

plugins/access/libaccess_http_plugin.dll
Size

89KB
MD5

d85839521546692289617932ca678a0e
SHA1

9fed98d714d753a30538905e37a5c0d8804218c5
SHA256

87b3f4f10e05c119e0c6ae3181ef9a375b042f55d0f7269c4ec88964b7dec813
SHA512

a7d3003c0d0c9ac76cc424101fc99aaa2b50106f25a70d7297e5b0ad2a9455d4c1a967864f19239438c70529c13702548fcfac7956f12c0ba7786dc0bb96fb59
SSDEEP

1536:ec0m7X9DWeNF8sX6mmI2Jl5QWNEi26MlKog5l2++VA9HvSFIOSnToIf82:echziaoog58++VAl2eTBf8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2420	2696	rundll32.exe	30
PID 2696 wrote to memory of 2420	2696	rundll32.exe	30
PID 2696 wrote to memory of 2420	2696	rundll32.exe	30
PID 2696 wrote to memory of 2420	2696	rundll32.exe	30
PID 2696 wrote to memory of 2420	2696	rundll32.exe	30
PID 2696 wrote to memory of 2420	2696	rundll32.exe	30
PID 2696 wrote to memory of 2420	2696	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\access\libaccess_http_plugin.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\plugins\access\libaccess_http_plugin.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads