Analysis
- max time kernel: 94s
- max time network: 99s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09/11/2024, 10:28
Static task
static1
Behavioral task
behavioral1
Sample
292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll
Resource
win10v2004-20241007-en
General
- Target: 292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll
- Size: 3KB
- MD5: 0c67fceddad7eaa1768457986a7c6b50
- SHA1: 5cc2a01e936b768711a58fe1037ea812fde96142
- SHA256: 292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74
- SHA512: 35c675174deca57baa21e803c74f2bab8340e459a192bdd938e86481653171a4a7afd0645bcf3c23964ec43451e5cdba5e3a637970edb7bc051f8514bd50e724
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | process | procid_target
  PID 3696 wrote to memory of 3396 | 3696 | rundll32.exe | 83
  PID 3696 wrote to memory of 3396 | 3696 | rundll32.exe | 83
  PID 3696 wrote to memory of 3396 | 3696 | rundll32.exe | 83
Processes
- C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll,#11
  - Suspicious use of WriteProcessMemory
  PID:3696
  - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\292f7dc3a1ab73d750149f120a617be8dc4212e0995576c6d5caa4d378502a74N.dll,#12
    - System Location Discovery: System Language Discovery
    PID:3396