Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    09-10-2024 04:24

General

  • Target

    eAPI.dll

  • Size

    316KB

  • MD5

    85a9c0102c3f69b6b3422e6b55443cdb

  • SHA1

    a6bbb3ed9ef8498161efa7126bd1d0e2c2031d3a

  • SHA256

    cbd9e8fbd425882fe9c45f906ec81911a06ec7dca8aaa3fe72c5aec368e6eec4

  • SHA512

    83d897838b152a57643cdaf24a15c1a6e080b722ee5f805426986888319605c89b49351a998a52312c7d72ed2b51598d1b8856e5e73642e1d53b67f320e98ddc

  • SSDEEP

    6144:w7WkIeDaS95ZSFBJLdWAJARVewQ++2LZda3:w7WKGS/ZSFBZEAJARkwQWLn

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\eAPI.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\eAPI.dll,#1
      • System Location Discovery: System Language Discovery
      PID:2484

Network

MITRE ATT&CK Enterprise v15
