Overview

overview

10

Static

static

1

download.zip

windows11-21h2-x64

1

HTCTL32.dll

windows11-21h2-x64

3

LogoDev.png

windows11-21h2-x64

3

NSM.lic

windows11-21h2-x64

3

NSM.ini

windows11-21h2-x64

3

PCICHEK.dll

windows11-21h2-x64

3

PCICL32.dll

windows11-21h2-x64

3

Setup/2CEE...61F46s

windows11-21h2-x64

1

Setup/A88D...81E1Ds

windows11-21h2-x64

1

Setup/CC88...6233Fs

windows11-21h2-x64

1

Setup/Sigm...tising

windows11-21h2-x64

1

Setup/Sigma/LICENSE

windows11-21h2-x64

1

Setup/Sigma/Staging

windows11-21h2-x64

1

TCCTL32.dll

windows11-21h2-x64

3

client32.exe

windows11-21h2-x64

10

client32.ini

windows11-21h2-x64

3

delegatedW...es.xml

windows11-21h2-x64

1

install_state.json

windows11-21h2-x64

3

msvcr100.dll

windows11-21h2-x64

3

nskbfltr.inf

windows11-21h2-x64

3

nsm_vpro.ini

windows11-21h2-x64

3

package_metadata

windows11-21h2-x64

1

pcicapi.dll

windows11-21h2-x64

3

remcmdstub.exe

windows11-21h2-x64

3

Analysis

  • max time kernel
    440s
  • max time network
    442s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    08-10-2024 13:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TCCTL32.dll

  • Size

    387KB

  • MD5

    2c88d947a5794cf995d2f465f1cb9d10

  • SHA1

    c0ff9ea43771d712fe1878dbb6b9d7a201759389

  • SHA256

    2b92ea2a7d2be8d64c84ea71614d0007c12d6075756313d61ddc40e4c4dd910e

  • SHA512

    e55679ff66ded375a422a35d0f92b3ac825674894ae210dbef3642e4fc232c73114077e84eae45c6e99a60ef4811f4a900b680c3bf69214959fa152a3dfbe542

  • SSDEEP

    12288:HqArkLoM/5iec2yxvUh3ho2LDnOQQ1k3+h9APjbom/n6:ekuK2XOjksobom/n6

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\TCCTL32.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1740
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\TCCTL32.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:648

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads