Analysis
- max time kernel: 104s
- max time network: 105s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31-10-2024 08:25
Static task: static1
Behavioral task: behavioral1
- Sample: 31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574N.dll
- Resource: win7-20241010-en
Behavioral task: behavioral2
- Sample: 31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574N.dll
- Resource: win10v2004-20241007-en
General
- Target: 31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574N.dll
- Size: 4KB
- MD5: c01ee8290104f608c32d45bb2061da60
- SHA1: 4514017187561329c42e48e9885200d1c995d6bc
- SHA256: 31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574
- SHA512: 57ede8f40ab386dd59160ab33843d54e134a3e273418c7c8daaf51e64c1adfd1e864ff0abacba0f8a8440a6b2e63dd0df3798af192304d9207ef104377670f1a
- SSDEEP: 48:SWkO0IoyTnXz+ihZjok5bEgBdnPnKh80GSCngSGuekJz0dzn:ZJTnXzvokSknq80GTgS3z0hn
Malware Config
Signatures
-
System Location Discovery: System Language Discovery (1 TTP, 1 IoC; ATT&CK T1614.001)
Attempts to gather information about the system language of the victim host in order to infer its geographical location. The lookup was made by the 32-bit child rundll32.exe (PID 4312), not by the parent.
Processes: rundll32.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes: rundll32.exe
description | pid | process | procid_target
PID 4836 wrote to memory of 4312 | 4836 | rundll32.exe | 84
PID 4836 wrote to memory of 4312 | 4836 | rundll32.exe | 84
PID 4836 wrote to memory of 4312 | 4836 | rundll32.exe | 84
All three writes go from the 64-bit rundll32.exe (PID 4836, C:\Windows\system32) to its own child, the 32-bit rundll32.exe (PID 4312, C:\Windows\SysWOW64) that it spawned with the same DLL argument. That is the pattern of the WOW64 relaunch rundll32 performs for a 32-bit DLL on an x64 host, not of injection into an unrelated process; treat this signature as low weight on its own here and rely on the language-key lookup in the child for the behavioral signal.
Processes
-
C:\Windows\system32\rundll32.exe
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574N.dll,#1
  - Suspicious use of WriteProcessMemory
  PID: 4836
  └─ C:\Windows\SysWOW64\rundll32.exe
       command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574N.dll,#1
       - System Location Discovery: System Language Discovery
       PID: 4312
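Added example, not part of the sandbox report above: a small triage script that replays the report's two process launches, the three WriteProcessMemory events and the NLS\Language key open as line-oriented events and separates the expected system32-to-SysWOW64 rundll32 relaunch (same DLL, parent writes only into its own child) from genuine cross-process writes. The `proc` / `wpm` / `regopen` line layout is an assumption made for this example; the PIDs, paths, ordinal export `#1` and registry key are taken from the report. It also flags the two things a reviewer would pull out of this tree: a DLL executed from the user's Temp directory by ordinal, and the language probe in the child.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed from the report above (hypothetical event layout, not the
# sandbox's native format): two processes, three WPM events, one key open.
SAMPLE_EVENTS = r"""
proc pid=4836 image=C:\Windows\system32\rundll32.exe cmd=rundll32.exe C:\Users\Admin\AppData\Local\Temp\31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574N.dll,#1
proc pid=4312 ppid=4836 image=C:\Windows\SysWOW64\rundll32.exe cmd=rundll32.exe C:\Users\Admin\AppData\Local\Temp\31a90c59ea78df47d4441cc7e4d34c6fb05806f66855cbfc89185c4976e7b574N.dll,#1
wpm src=4836 dst=4312
wpm src=4836 dst=4312
wpm src=4836 dst=4312
regopen pid=4312 key=\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
"""

PROC_RE = re.compile(r"^proc pid=(\d+)(?: ppid=(\d+))? image=(\S+) cmd=(.+)$")
WPM_RE = re.compile(r"^wpm src=(\d+) dst=(\d+)$")
REG_RE = re.compile(r"^regopen pid=(\d+) key=(\S+)$")
# rundll32 argument form "<dll>,<export>", where export is a name or "#ordinal"
RUNDLL_ARG_RE = re.compile(r"^rundll32\.exe\s+(.+?),(#?\w+)\s*$", re.IGNORECASE)


@dataclass
class Proc:
    pid: int
    ppid: Optional[int]
    image: str
    cmd: str


def parse_events(text: str):
    """Split the event text into processes, WPM edges and registry opens."""
    procs: Dict[int, Proc] = {}
    wpm: List[Tuple[int, int]] = []
    regopens: List[Tuple[int, str]] = []
    for line in text.strip().splitlines():
        if m := PROC_RE.match(line):
            pid, ppid, image, cmd = m.groups()
            procs[int(pid)] = Proc(int(pid), int(ppid) if ppid else None, image, cmd)
        elif m := WPM_RE.match(line):
            wpm.append((int(m[1]), int(m[2])))
        elif m := REG_RE.match(line):
            regopens.append((int(m[1]), m[2]))
    return procs, wpm, regopens


def analyse(text: str) -> Dict[str, object]:
    procs, wpm, regopens = parse_events(text)
    findings: Dict[str, object] = {}

    # 1. rundll32 running a DLL out of a user-writable Temp directory by export/ordinal
    for p in procs.values():
        m = RUNDLL_ARG_RE.match(p.cmd)
        if m and "\\appdata\\local\\temp\\" in m[1].lower():
            findings["temp_dll_by_ordinal"] = {"pid": p.pid, "dll": m[1], "export": m[2]}
            break

    # 2. WOW64 relaunch: system32\rundll32 parent -> SysWOW64\rundll32 child, same argument.
    #    Expected for a 32-bit DLL on an x64 host; benign on its own.
    relaunch_pairs = set()
    for child in procs.values():
        parent = procs.get(child.ppid) if child.ppid is not None else None
        if (parent is not None
                and parent.image.lower().endswith("\\system32\\rundll32.exe")
                and child.image.lower().endswith("\\syswow64\\rundll32.exe")
                and parent.cmd.lower() == child.cmd.lower()):
            relaunch_pairs.add((parent.pid, child.pid))
    findings["wow64_relaunch"] = sorted(relaunch_pairs)

    # 3. WriteProcessMemory: writes into the own relaunch child are expected; anything
    #    else is a cross-process write worth escalating.
    cross = sorted({(s, d) for s, d in wpm if (s, d) not in relaunch_pairs})
    findings["wpm_cross_process"] = cross
    findings["wpm_relaunch_only"] = bool(wpm) and not cross

    # 4. Language probe: open of ...\Control\NLS\Language under any ControlSet
    findings["language_probe_pids"] = sorted(
        {pid for pid, key in regopens if key.lower().endswith("\\control\\nls\\language")}
    )
    return findings


if __name__ == "__main__":
    for k, v in analyse(SAMPLE_EVENTS).items():
        print(f"{k}: {v}")
```

Appending a constructed line such as `wpm src=4312 dst=999` to the sample makes `wpm_cross_process` non-empty and `wpm_relaunch_only` false, which is the case that should carry weight in triage; the report's own events produce only the relaunch pair.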