Analysis

  • max time kernel
    93s
  • max time network
    95s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
  • submitted
    13/10/2024, 12:00

General

  • Target

    SsmpVlogLayerComm.dll

  • Size

    297KB

  • MD5

    f6c0cad3b226f84cb12f0f52927a26c7

  • SHA1

    35042cb4025a91c6c40b5e9a3cc060f9473579b2

  • SHA256

    0433fdec2e89d3e3092c4c1a0430b44727aada6cae7484a0ea08ca2859a940e2

  • SHA512

    d9e8d5315fe9c4015c9b0fa79977ebd888cc179937b56db0dc48b47f15e503a0f7f2529b78beccda49dce369e6644a4afe278386ca23cfca3ca20c4a7a9578ef

  • SSDEEP

    6144:d9SqiyJ2WQBM8AGuGGJmrW6nmbS+wN4f8rbv65p4SQlNvw/5cdn74CYm:zriFWCM8AGGJmrW6mbS+wN4f4JSmN/mA

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\SsmpVlogLayerComm.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4992
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\SsmpVlogLayerComm.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4648

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/4648-0-0x0000000002880000-0x00000000028C1000-memory.dmp

    Filesize

    260KB