Analysis

max time kernel: 148s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 09/11/2024, 20:13

Static task: static1

Behavioral task: behavioral1
Sample: 1c81a143bfb8ff58ad61cbbfe655f8cdf19cbb687875d8136ee4d2ccb45987fa.dll
Resource: win7-20240729-en

Behavioral task: behavioral2
Sample: 1c81a143bfb8ff58ad61cbbfe655f8cdf19cbb687875d8136ee4d2ccb45987fa.dll
Resource: win10v2004-20241007-en
General

Target: 1c81a143bfb8ff58ad61cbbfe655f8cdf19cbb687875d8136ee4d2ccb45987fa.dll
Size: 6KB
MD5: 5af45033f3875990db03001d14461633
SHA1: 01f3798ce2514b4c4b3dd5d1e013d0531ac7904c
SHA256: 1c81a143bfb8ff58ad61cbbfe655f8cdf19cbb687875d8136ee4d2ccb45987fa
SHA512: 733ab5d1c49f144ec2d653f3d597719890898b02e44d0d33763ce9928100aa5cc31fe4a13a397a37775d04a82d005b4cc491e6414d3adad78cde63065687a457
SSDEEP: 48:6AA35YVOQDV8FszwydlAYsLFV3G0+B+BDq9J5S2:0QDV8FscMjsLFV3GB+FqX5S2
Malware Config
Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)

description | pid | Process | procid_target
PID 532 wrote to memory of 4268 | 532 | rundll32.exe | 83
PID 532 wrote to memory of 4268 | 532 | rundll32.exe | 83
PID 532 wrote to memory of 4268 | 532 | rundll32.exe | 83
Processes

C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c81a143bfb8ff58ad61cbbfe655f8cdf19cbb687875d8136ee4d2ccb45987fa.dll,#1
  PID: 532
  - Suspicious use of WriteProcessMemory

  C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\1c81a143bfb8ff58ad61cbbfe655f8cdf19cbb687875d8136ee4d2ccb45987fa.dll,#1
    PID: 4268
    - System Location Discovery: System Language Discovery