Analysis
max time kernel: 15s
max time network: 17s
platform: windows7_x64
resource: win7-20241023-en
resource tags: arch:x64, arch:x86, image:win7-20241023-en, locale:en-us, os:windows7-x64, system
submitted: 09/11/2024, 10:28
Static task: static1
Behavioral task: behavioral1
  Sample: 292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll
  Resource: win7-20241023-en
Behavioral task: behavioral2
  Sample: 292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll
  Resource: win10v2004-20241007-en
General
Target: 292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll
Size: 3KB
MD5: 0c67fceddad7eaa1768457986a7c6b50
SHA1: 5cc2a01e936b768711a58fe1037ea812fde96142
SHA256: 292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74
SHA512: 35c675174deca57baa21e803c74f2bab8340e459a192bdd938e86481653171a4a7afd0645bcf3c23964ec43451e5cdba5e3a637970edb7bc051f8514bd50e724
Malware Config
Signatures
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description   ioc                                                           Process
Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language   rundll32.exe
Suspicious use of WriteProcessMemory 7 IoCs
description                        pid    Process        procid_target
PID 2036 wrote to memory of 2320   2036   rundll32.exe   30
PID 2036 wrote to memory of 2320   2036   rundll32.exe   30
PID 2036 wrote to memory of 2320   2036   rundll32.exe   30
PID 2036 wrote to memory of 2320   2036   rundll32.exe   30
PID 2036 wrote to memory of 2320   2036   rundll32.exe   30
PID 2036 wrote to memory of 2320   2036   rundll32.exe   30
PID 2036 wrote to memory of 2320   2036   rundll32.exe   30
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll,#1
- Suspicious use of WriteProcessMemory
PID: 2036
  C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll,#1
  - System Location Discovery: System Language Discovery
  PID: 2320