Analysis
-
max time kernel
95s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
09/11/2024, 20:29
Static task
static1
Behavioral task
behavioral1
Sample
ea79d86923c436c322d229d6ef8082d784fb8527de2e08e90406bd99beeffbd4N.dll
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
ea79d86923c436c322d229d6ef8082d784fb8527de2e08e90406bd99beeffbd4N.dll
Resource
win10v2004-20241007-en
General
-
Target
ea79d86923c436c322d229d6ef8082d784fb8527de2e08e90406bd99beeffbd4N.dll
-
Size
5KB
-
MD5
32afa2beae8cb39195607a0c5ff241f0
-
SHA1
7b6c46e105d6348ace06d895f42ea2495dece965
-
SHA256
ea79d86923c436c322d229d6ef8082d784fb8527de2e08e90406bd99beeffbd4
-
SHA512
a093f163cd9e098b5a67eb114aaf1ddef63bf3f01d66c5955e4e9c8f5768557adb263198ca6752a5dcb1f9ef219ebc81408c5f8ba7629f6f04cf1dea6d379daa
-
SSDEEP
96:hy859x0P8Maymh47aFhNLv6iguxup1A0gSCoH:F5oLi9FhNLb8A
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description: Key opened
ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
Process: rundll32.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description / pid / Process / procid_target
PID 860 wrote to memory of 2044 / 860 / rundll32.exe / 83
PID 860 wrote to memory of 2044 / 860 / rundll32.exe / 83
PID 860 wrote to memory of 2044 / 860 / rundll32.exe / 83
Processes
-
C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea79d86923c436c322d229d6ef8082d784fb8527de2e08e90406bd99beeffbd4N.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:860 -
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ea79d86923c436c322d229d6ef8082d784fb8527de2e08e90406bd99beeffbd4N.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:2044
-