Analysis

  • max time kernel
    63s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
  • submitted
    17/10/2024, 00:31

General

  • Target

    npkcrypt.dll

  • Size

    236KB

  • MD5

    e3fa2cd23814b44ea8f1aa76ba95b557

  • SHA1

    bff20ce7f972746fcf16c8f7d2a733eaf1e4da82

  • SHA256

    fd5a97ae28ee2f111551023a1dbbd6ed5824f4dec4faf531d47b756ea0e2e0d5

  • SHA512

    8aa66c6877c1d3413346ba07f0de83462d3a4a84829a4a38525c156e4a34c74978252ab4ce981f319df88c76ef8cf37be3e295cf01326f1e954e2f78c0cafe3c

  • SSDEEP

    3072:aXOrVEJFGWkUo5r2pryB0f3ejXwJPtte9iLmhj0wASFgn6bgLo2npUbWO9Elf:aerf0o52YBWeDwYkaAR6b0Ucf

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious behavior: LoadsDriver 4 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\npkcrypt.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:528
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\npkcrypt.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1172

Network

        MITRE ATT&CK Enterprise v15
