Analysis
-
max time kernel
102s -
max time network
102s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
15/10/2024, 03:09
Static task
static1
Behavioral task
behavioral1
Sample
865843712e666e3fe60a982a92dfac8056450a27e25978d259741b56cab9ff2aN.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
865843712e666e3fe60a982a92dfac8056450a27e25978d259741b56cab9ff2aN.dll
Resource
win10v2004-20241007-en
General
-
Target
865843712e666e3fe60a982a92dfac8056450a27e25978d259741b56cab9ff2aN.dll
-
Size
7KB
-
MD5
857cfe87f0f92900716c81b5f21db040
-
SHA1
fb38b37c5c7c2f1dfe671164f4e16fa83afecf9c
-
SHA256
865843712e666e3fe60a982a92dfac8056450a27e25978d259741b56cab9ff2a
-
SHA512
1f29cf8cd244c9a3110778d7b341552bb636a3c90fcaf52fdf7e7316cfd80232536972212f1f6584f76c30d9f03b5d082f78931a749b589d992852ee8467a8b5
-
SSDEEP
48:66ay5YVO3EVkApc2wp8hH1NZn5EquglQ067YbPW/bABbgL3q9J5S2hmc:b3EVkApcX4Hiv0hbPdq3qX5S2hV
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 1880 wrote to memory of 5088 | 1880 | rundll32.exe | 84
PID 1880 wrote to memory of 5088 | 1880 | rundll32.exe | 84
PID 1880 wrote to memory of 5088 | 1880 | rundll32.exe | 84
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\865843712e666e3fe60a982a92dfac8056450a27e25978d259741b56cab9ff2aN.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:1880 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\865843712e666e3fe60a982a92dfac8056450a27e25978d259741b56cab9ff2aN.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:5088
-