Analysis
-
max time kernel
140s -
max time network
134s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system -
submitted
14-10-2024 13:00
Static task
static1
Behavioral task
behavioral1
Sample
AvastSvcZEg/AvastSvc.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
AvastSvcZEg/AvastSvc.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
AvastSvcZEg/wsc.dll
Resource
win7-20240729-en
Behavioral task
behavioral4
Sample
AvastSvcZEg/wsc.dll
Resource
win10v2004-20241007-en
General
-
Target
AvastSvcZEg/wsc.dll
-
Size
52KB
-
MD5
831252e7fa9bd6fa174715647ebce516
-
SHA1
bf8c5bf141f0db53000805f2629e6e031d137ceb
-
SHA256
6491c646397025bf02709f1bd3025f1622abdc89b550ac38ce6fac938353b954
-
SHA512
0be6e898dcb75b32358bb8c2214e7b9453034ecfbe71d092df75b186a28f97ae7d5737f010b9d9e781c6b4cf3da19ee4a7cf5002604d23c527c55a3f7a0dba04
-
SSDEEP
768:ctRTzgT291lvLotXKUoImwKvuZ+UHo4QIkfbZoN:ctRHgTWPcpmwKf4X2oN
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3660 wrote to memory of 976 3660 rundll32.exe 83 PID 3660 wrote to memory of 976 3660 rundll32.exe 83 PID 3660 wrote to memory of 976 3660 rundll32.exe 83
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\AvastSvcZEg\wsc.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:3660 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\AvastSvcZEg\wsc.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:976
-