Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    02-11-2024 19:53

General

  • Target

    github/crashhandler.dll

  • Size

    361KB

  • MD5

    921ecaa849aa3eebea83cc117f057bbc

  • SHA1

    b7eac57ca1e82b1011379893c88c76906b8c6833

  • SHA256

    956264d928cc41776196b6a8162bf5895e0f093cc8049842fc90ad55e8c2f198

  • SHA512

    2ea60ab1c5119254c38e136c3f1a88450fc0256fe5dcc621dd42235c72f50ef5ae2cf8fd481ee0cd663ee8173c09522fc7e11d72101072617d40ad193af9b3a7

  • SSDEEP

    6144:nLCe3fmcLI/FH/XGch7xAAucANXuwzg1LqFEZOogHiWlqjt+v1Y4dAVAO8ZZNOGk:nmeOcLkHnhNAAucANXuwzgQFE6iWlJvy

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\github\crashhandler.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2336
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\github\crashhandler.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1948

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads