Analysis
max time kernel: 96s
max time network: 99s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system
submitted: 09/11/2024, 21:18
Static task: static1
Behavioral task: behavioral1
  Sample: 32d384bb8b29775bb50c7b544d5285d8a0ab49dca3370343acddd9cef5c23eaeN.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 32d384bb8b29775bb50c7b544d5285d8a0ab49dca3370343acddd9cef5c23eaeN.dll
  Resource: win10v2004-20241007-en
General
Target: 32d384bb8b29775bb50c7b544d5285d8a0ab49dca3370343acddd9cef5c23eaeN.dll
Size: 6KB
MD5: af513a472547ee7b0bbe5d346f787e30
SHA1: 1cbaf5f7eb5fce32c4cb6a1ca14c3c5724f150a3
SHA256: 32d384bb8b29775bb50c7b544d5285d8a0ab49dca3370343acddd9cef5c23eae
SHA512: 829ae09687c81be2dd82f142a9a9210c38a112da5a70d6cbc07ebbd88a5f07ed6453abbc019d28cfca1d074885d7802db5234bb68472f0759defeba644af72aa
SSDEEP: 48:C6VonAHso6U7lYa92RrpjwDmetlG95hx+iMHhjcLGBwleGJroUWr4kD1PE52sU5g:nEY2RrF1eqwi4qwCle++JRbNi
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  description   ioc                                                             process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language    rundll32.exe

Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid    process        procid_target
  PID 1104 wrote to memory of 708    1104   rundll32.exe   83
  PID 1104 wrote to memory of 708    1104   rundll32.exe   83
  PID 1104 wrote to memory of 708    1104   rundll32.exe   83
Processes
C:\Windows\system32\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32d384bb8b29775bb50c7b544d5285d8a0ab49dca3370343acddd9cef5c23eaeN.dll,#11
  - Suspicious use of WriteProcessMemory
  PID: 1104
C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\32d384bb8b29775bb50c7b544d5285d8a0ab49dca3370343acddd9cef5c23eaeN.dll,#12
  - System Location Discovery: System Language Discovery
  PID: 708