Overview

overview

10

Static

static

3

0535498d42...18.exe

windows7-x64

10

0535498d42...18.exe

windows10-2004-x64

10

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

NsResize.dll

windows7-x64

3

NsResize.dll

windows10-2004-x64

3

dbtoepub

ubuntu-18.04-amd64

1

dbtoepub

debian-9-armhf

1

dbtoepub

debian-9-mips

1

dbtoepub

debian-9-mipsel

1

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    01-10-2024 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NsResize.dll

  • Size

    87KB

  • MD5

    2a37de04157fcc12c2cd20ae21abb6b9

  • SHA1

    78d584c34d0c6231cd63f9cc7e6bd19c95044d66

  • SHA256

    d3c81a5884473fb14b88733fb66c7cc18198c65967c1e45651396b96a1687e2e

  • SHA512

    7b67c372151cec82e442fa02b9b9f40a339753b77b7c82cbb54d9634f194a9dd44883010d2b7bba14bf8ed91ca49688c5a0e81e1016d11b405901319981237ed

  • SSDEEP

    1536:2kG+Uh+mtdZ8h1uZoMUXF5+TtThc1NHaWirFW+BCp1euMRWWvIVhVxFDBjj/yp5t:6RXKgo0sK6YEXLtLA5XsC5v

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1884
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\NsResize.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1924

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads