Analysis
max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted
09/11/2024, 22:21
Static task
static1
Behavioral task
behavioral1
Sample
2c1b437450b82c674c4e9d096d176db6b5a18abcda2bfeeb4718f03c8f9f9190N.dll
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
2c1b437450b82c674c4e9d096d176db6b5a18abcda2bfeeb4718f03c8f9f9190N.dll
Resource
win10v2004-20241007-en
General
Target
2c1b437450b82c674c4e9d096d176db6b5a18abcda2bfeeb4718f03c8f9f9190N.dll
Size
3KB
MD5
ca11d4f4a3447a4606d273c2d2c3ab90
SHA1
9844b7c22021e40dc01754b89f2fefc479d39af7
SHA256
2c1b437450b82c674c4e9d096d176db6b5a18abcda2bfeeb4718f03c8f9f9190
SHA512
861ae1e7098e5f438891eebcfa2ff43e11cc3ec2a92aa4f035ae9b9ed7c2c9867394b450148aa240add9658699950371955b6c550c584d16255e985e08a66d97
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 3896 wrote to memory of 2716 | 3896 | rundll32.exe | 83
PID 3896 wrote to memory of 2716 | 3896 | rundll32.exe | 83
PID 3896 wrote to memory of 2716 | 3896 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c1b437450b82c674c4e9d096d176db6b5a18abcda2bfeeb4718f03c8f9f9190N.dll,#11
- Suspicious use of WriteProcessMemory
PID:3896
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c1b437450b82c674c4e9d096d176db6b5a18abcda2bfeeb4718f03c8f9f9190N.dll,#12
- System Location Discovery: System Language Discovery
PID:2716