Analysis
  max time kernel: 120s
  max time network: 121s
  platform: windows7_x64
  resource: win7-20240708-en
  resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  submitted: 09/11/2024, 22:22
Static task: static1

Behavioral task: behavioral1
  Sample: 552864a786690422534bc0c7059eebda6a3ee98b46d85ba47442ea9df5a306f0.dll
  Resource: win7-20240708-en

Behavioral task: behavioral2
  Sample: 552864a786690422534bc0c7059eebda6a3ee98b46d85ba47442ea9df5a306f0.dll
  Resource: win10v2004-20241007-en
General
  Target: 552864a786690422534bc0c7059eebda6a3ee98b46d85ba47442ea9df5a306f0.dll
  Size: 3KB
  MD5: 7d3fe04ef18db0c5f3bb97305c85369c
  SHA1: a6f96d7071ce5d16d65068c87b58ad28de1666f2
  SHA256: 552864a786690422534bc0c7059eebda6a3ee98b46d85ba47442ea9df5a306f0
  SHA512: 7e103b6183a09b3adbe29e401036bb070ef366f594ffc2287bf6a9519bb446d9044afb4990c9d82521b785425e606469dc25784db87d52a9c4eb727ac04d098b
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  description | ioc                                                          | Process
  Key opened  | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)

  description                | pid  | Process      | procid_target
  PID 2432 wrote to memory of 2192 | 2432 | rundll32.exe | 30
  PID 2432 wrote to memory of 2192 | 2432 | rundll32.exe | 30
  PID 2432 wrote to memory of 2192 | 2432 | rundll32.exe | 30
  PID 2432 wrote to memory of 2192 | 2432 | rundll32.exe | 30
  PID 2432 wrote to memory of 2192 | 2432 | rundll32.exe | 30
  PID 2432 wrote to memory of 2192 | 2432 | rundll32.exe | 30
  PID 2432 wrote to memory of 2192 | 2432 | rundll32.exe | 30
Processes
  C:\Windows\system32\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\552864a786690422534bc0c7059eebda6a3ee98b46d85ba47442ea9df5a306f0.dll,#1
    PID: 2432
    Signatures: Suspicious use of WriteProcessMemory
    Child process:
      C:\Windows\SysWOW64\rundll32.exe
        Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\552864a786690422534bc0c7059eebda6a3ee98b46d85ba47442ea9df5a306f0.dll,#1
        PID: 2192
        Signatures: System Location Discovery: System Language Discovery