Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
14-10-2024 00:50
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
8cd7c3484dc6efd65911c1847706803a2079e186a093f8a909443580bc7c7416.dll
Resource
win7-20240903-en
windows7-x64
3 signatures
150 seconds
General
-
Target
8cd7c3484dc6efd65911c1847706803a2079e186a093f8a909443580bc7c7416.dll
-
Size
714KB
-
MD5
482a67f4a5412d550fb09a3acd3e19ba
-
SHA1
9105d5eace5ea603e9f13d3462f164c1c6653563
-
SHA256
8cd7c3484dc6efd65911c1847706803a2079e186a093f8a909443580bc7c7416
-
SHA512
fd9f55a1e5fd113c37d37dd24c8f1057a83dba6a21ecd2db9384c1e481196836ac69f9efc86b3a2db2c72f489bbbae8ac92062b609cccec6ea56e00e19dcfb9b
-
SSDEEP
6144:o6C5AXbMn7UI1FoV2gwTBlrIckPJYYYYYYYYYYYYz:o6RI1Fo/wT3cJYYYYYYYYYYYYz
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2508 wrote to memory of 2364 2508 rundll32.exe 30 PID 2508 wrote to memory of 2364 2508 rundll32.exe 30 PID 2508 wrote to memory of 2364 2508 rundll32.exe 30 PID 2508 wrote to memory of 2364 2508 rundll32.exe 30 PID 2508 wrote to memory of 2364 2508 rundll32.exe 30 PID 2508 wrote to memory of 2364 2508 rundll32.exe 30 PID 2508 wrote to memory of 2364 2508 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8cd7c3484dc6efd65911c1847706803a2079e186a093f8a909443580bc7c7416.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2508 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\8cd7c3484dc6efd65911c1847706803a2079e186a093f8a909443580bc7c7416.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2364
-