Overview

overview

3

Static

static

1

d7c8edca9f...3b.dll

windows7-x64

3

d7c8edca9f...3b.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/10/2024, 12:07

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    d7c8edca9f7cf9b00ce2ab40ddf832d3a1f9b2ae00f29596e28e7dc8b64cc03b.dll

  • Size

    2.4MB

  • MD5

    765a3a10582d76b639850239697b275a

  • SHA1

    7db1274197bb822a52c15d830de9b58020f41a72

  • SHA256

    d7c8edca9f7cf9b00ce2ab40ddf832d3a1f9b2ae00f29596e28e7dc8b64cc03b

  • SHA512

    b4dac4cabd9b1d265623e7fed661a27fcef36753159153760c46564fe56227e392a65461336b29e0ea4d623a3ca84c897d6df86aec93057533747b06dd52e888

  • SSDEEP

    49152:Ju5DwbJ3F8SnAZDWfw8Ljb3a6SaeAozeYXgHhsHg7tMuLIUASTjaZBv64POs6J:Y6AZDv8z3arAMHg7t/LJAc48J

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7c8edca9f7cf9b00ce2ab40ddf832d3a1f9b2ae00f29596e28e7dc8b64cc03b.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3120
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7c8edca9f7cf9b00ce2ab40ddf832d3a1f9b2ae00f29596e28e7dc8b64cc03b.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2152

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads