Analysis

  • max time kernel
    14s
  • max time network
    18s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64 arch:x86 image:win10-20240404-en locale:en-us os:windows10-1703-x64 system
  • submitted
    15-10-2024 00:23

General

  • Target

    Primordial/FIX/libssl-1_1.dll

  • Size

    924KB

  • MD5

    8a7d58e6c9c4d25c84dee3c64d027974

  • SHA1

    3e3c8218cc2cec46b1aa550f126fba564a94c9df

  • SHA256

    68f64b6d4d77c704d3caee3dd97e8cababd8717f5c764f8d1b919697ddfc7527

  • SHA512

    b56a532c3d53e7d73d700f9b6dc5e790a78c048e5bb1522fe75dafb1d556a5594d7d07d75dea7ccab6ace7b3644f6a2947dbc6a6acdc3c2ddc7c807a92eea157

  • SSDEEP

    24576:7UU0ODDlfQixG00OZclDZGXFu1UYaz99v0BAEjYkNN/OknUVQiQG7iiHh7IMwi:Z0V0GwZqAu1UYa7v0BAE8kNN/OknUZQO

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Primordial\FIX\libssl-1_1.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4944
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Primordial\FIX\libssl-1_1.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3076

Network

MITRE ATT&CK Enterprise v15

Downloads

  • memory/3076-0-0x0000000073511000-0x00000000736F5000-memory.dmp

    Filesize

    1.9MB