Analysis
max time kernel: 93s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 22:57
Static task: static1
Behavioral task: behavioral1
Sample: 953a0e9e92bffaffff4256509d9208fe958d5711d3bc3ffb0366241936ad1eaaN.dll
Resource: win7-20240903-en
Behavioral task: behavioral2
Sample: 953a0e9e92bffaffff4256509d9208fe958d5711d3bc3ffb0366241936ad1eaaN.dll
Resource: win10v2004-20241007-en
General
Target: 953a0e9e92bffaffff4256509d9208fe958d5711d3bc3ffb0366241936ad1eaaN.dll
Size: 5KB
MD5: b3049641126666770207338894499160
SHA1: 27ed5056f1aa3f68e1e3acdd8d43cb8bcbe95aa5
SHA256: 953a0e9e92bffaffff4256509d9208fe958d5711d3bc3ffb0366241936ad1eaa
SHA512: f338c89a4e878dafee2dd2e7066603962858c95b2a36023a3a52d663a5f44b045f20cefa7e26fa11f280cc53353bbebc51cc3942b69f78a49b377839040fbb28
SSDEEP: 96:hy859x0P8MayC1/cGYCK1hfoO4ZuhiFyenl5sq2:F5oLjCJYT1lFqf2
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
description | pid | Process | procid_target
PID 2700 wrote to memory of 4908 | 2700 | rundll32.exe | 83
PID 2700 wrote to memory of 4908 | 2700 | rundll32.exe | 83
PID 2700 wrote to memory of 4908 | 2700 | rundll32.exe | 83
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\953a0e9e92bffaffff4256509d9208fe958d5711d3bc3ffb0366241936ad1eaaN.dll,#11
- Suspicious use of WriteProcessMemory
PID:2700
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\953a0e9e92bffaffff4256509d9208fe958d5711d3bc3ffb0366241936ad1eaaN.dll,#12
- System Location Discovery: System Language Discovery
PID:4908