Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/10/2024, 10:26

General

  • Target

    $COMMONFILES/Angels/Scan.dll

  • Size

    1.2MB

  • MD5

    023bf6617c3fc1afe014d0b7a9e5bd6f

  • SHA1

    945a8d8468a1fb07cb887e559f678bde064b9a0b

  • SHA256

    feccbc30132cd4eff44e5aa2b2b08ccca334247e537e427ab44c530e5feedab5

  • SHA512

    b43159e80c79513fb348def05c3ac8dc1c8c0b25a981eedb50263549e5433cbfffcfb5fb423758ec7bd61ce3bb105b8df22a35e6d8690b89ccc86c4f3177350b

  • SSDEEP

    24576:CgcIwdCFEXGwz6Ff78H8KZ7SI7ErlB6azPTkkkkkkkkkkkkkkUkkkkkkkkkkkkk/:CgcIwi5nQ24EreytZ2cL

Score
3/10

Malware Config

Signatures

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\Angels\Scan.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1624
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$COMMONFILES\Angels\Scan.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4736
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 628
        3⤵
        • Program crash
        PID:4976
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 4736 -ip 4736
    1⤵
      PID:4204

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads