Analysis
max time kernel: 92s
max time network: 93s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 10-11-2024 01:36
Static task: static1
Behavioral task: behavioral1
  Sample: 69c2517f316005b3f8e7d4f9271ce821fdcd347855096a756f24ef6da8374278N.dll
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 69c2517f316005b3f8e7d4f9271ce821fdcd347855096a756f24ef6da8374278N.dll
  Resource: win10v2004-20241007-en
General
Target: 69c2517f316005b3f8e7d4f9271ce821fdcd347855096a756f24ef6da8374278N.dll
Size: 5KB
MD5: eebead62ba452ae72e857a611fbdcd50
SHA1: 306ed3a9cd0ccc2d1bad7da0efe58f52b734901b
SHA256: 69c2517f316005b3f8e7d4f9271ce821fdcd347855096a756f24ef6da8374278
SHA512: 5ab3c61ef55fe523954f55b3c027f8f16ba65cabf54e6bf7f9aeea3ccb80b04a3a8b0d7842bd152978053aa1ce9d52a9ae0e636178a61a65d917970981c971e3
SSDEEP: 48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqLAcol2j8Ssi6lp0YnFnvQy89UiEwi+iFi2:hy859x0P8Ma62QE+F7Ii9iai0FiAcj+
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
  description | ioc | process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description | pid | process | target process
  PID 4844 wrote to memory of 4072 | 4844 | rundll32.exe | rundll32.exe
  PID 4844 wrote to memory of 4072 | 4844 | rundll32.exe | rundll32.exe
  PID 4844 wrote to memory of 4072 | 4844 | rundll32.exe | rundll32.exe
Processes
1. C:\Windows\system32\rundll32.exe
   Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\69c2517f316005b3f8e7d4f9271ce821fdcd347855096a756f24ef6da8374278N.dll,#1
   PID: 4844
   Signatures: Suspicious use of WriteProcessMemory
   2. C:\Windows\SysWOW64\rundll32.exe
      Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\69c2517f316005b3f8e7d4f9271ce821fdcd347855096a756f24ef6da8374278N.dll,#1
      PID: 4072
      Signatures: System Location Discovery: System Language Discovery