Analysis
max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 10-11-2024 01:39
Static task: static1
Behavioral task: behavioral1
  Sample: ad8b4e31cbf11ef9a5b75de2f91ff1f51ce5f70b3a8ae486e7539cfdfed9069b.dll
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: ad8b4e31cbf11ef9a5b75de2f91ff1f51ce5f70b3a8ae486e7539cfdfed9069b.dll
  Resource: win10v2004-20241007-en
General
Target: ad8b4e31cbf11ef9a5b75de2f91ff1f51ce5f70b3a8ae486e7539cfdfed9069b.dll
Size: 6KB
MD5: 7af7844161c3ddb0262e6a65adc0ffd7
SHA1: b57cc9bbe7d0b80b464ab9226547337433fcc3dd
SHA256: ad8b4e31cbf11ef9a5b75de2f91ff1f51ce5f70b3a8ae486e7539cfdfed9069b
SHA512: e10ef5891519175762913732d3e18ede0ace715571cc9ef4a6b53b0cdc2cc3bf20bbd348f7c4d9c6afe96a5ad3dd0855ac8ce6d8a727a0f0f7d08f3dfcbd5a2b
SSDEEP: 192:F5oLXCIldlAYwS6vXxEfD0S/rlGpu8xS:F5mySbAS6vXxEfDJZkr
Malware Config
Signatures
System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempts to gather the system language of the victim host in order to infer its geographic location (MITRE ATT&CK T1614.001).
The NLS\Language key holds the installed system language, and legitimate code reads it through the normal NLS APIs as well, so this IoC is weak on its own. It matters here because the reader is the 32-bit rundll32.exe (PID 2916) running the submitted DLL from the user's Temp folder. The report records only that the key was opened, not how the value was used.
Processes:
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  process: rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
Processes:
  description: wrote to memory of
  pid: 2884 (rundll32.exe)
  target pid: 2916 (rundll32.exe)
  recorded 7 times, all with the same source and target
The only target is PID 2916, the child rundll32.exe. When the 64-bit rundll32.exe is handed a 32-bit DLL (see the arch:x86 resource tag) it re-executes the SysWOW64 copy with the same command line, and process creation itself writes the new process's startup parameters into its address space, which the sandbox reports as WriteProcessMemory. These seven identical rows describe that one parent-to-child hand-off, not writes into an unrelated process, so on their own they are not evidence of injection.
Processes
C:\Windows\system32\rundll32.exe (PID 2884)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8b4e31cbf11ef9a5b75de2f91ff1f51ce5f70b3a8ae486e7539cfdfed9069b.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  (this is the sandbox's own launch of the sample, invoking export ordinal 1 of the DLL)
  └─ C:\Windows\SysWOW64\rundll32.exe (PID 2916)
       command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8b4e31cbf11ef9a5b75de2f91ff1f51ce5f70b3a8ae486e7539cfdfed9069b.dll,#1
       signatures: System Location Discovery: System Language Discovery
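The three observations above (a rundll32.exe running a DLL out of the user's Temp folder, the 64-bit to 32-bit rundll32 hand-off with its WriteProcessMemory rows, and the child's read of the NLS\Language key) are the kind of thing a detection engineer turns into telemetry rules. The following is an added example written for this page, not the sandbox's own rule logic or anything from the sample: it runs over constructed Sysmon-style events that mirror the process tree and IoCs above (the DLL name `sample.dll`, the event field names, the rule names and the severities are this example's assumptions), and it deliberately downgrades the parent-to-child memory write when the pair is the expected WoW64 hand-off while keeping a write into any other process at high severity.

```python
"""Findings over constructed Sysmon-like events for the rundll32 chain in the
report above. Event shapes, rule names and severities are this example's own,
not the sandbox's."""
import re

# Constructed events mirroring the report: 64-bit rundll32 loads a DLL from the
# user's Temp folder by ordinal (#1), relaunches its 32-bit copy from SysWOW64,
# writes into that child, and the child reads the NLS\Language key.
SAMPLE_DLL = r"C:\Users\Admin\AppData\Local\Temp\sample.dll"  # placeholder name
EVENTS = [
    {"type": "process_create", "pid": 2884, "ppid": 1000,
     "image": r"C:\Windows\system32\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"type": "process_create", "pid": 2916, "ppid": 2884,
     "image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": f"rundll32.exe {SAMPLE_DLL},#1"},
    {"type": "process_access", "source_pid": 2884, "target_pid": 2916,
     "op": "WriteProcessMemory"},
    {"type": "process_access", "source_pid": 2884, "target_pid": 2916,
     "op": "WriteProcessMemory"},  # the report repeats this IoC seven times
    {"type": "registry_open", "pid": 2916,
     "key": r"\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language"},
]

RUNDLL_RE = re.compile(
    r'^\s*(?:"[^"]*?rundll32(?:\.exe)?"|\S*?rundll32(?:\.exe)?)\s+'
    r'(?:"(?P<quoted>[^"]+)"|(?P<bare>[^\s,]+)),(?P<entry>\S+)',
    re.IGNORECASE,
)
USER_WRITABLE_RE = re.compile(
    r"\\(?:AppData\\Local\\Temp|Users\\Public|ProgramData)\\", re.IGNORECASE)
NLS_LANGUAGE_RE = re.compile(r"\\Control\\NLS\\Language$", re.IGNORECASE)


def parse_rundll32_cmdline(cmdline):
    """Split 'rundll32.exe <dll>,<entry> [args]' into DLL and entry point.
    Returns None when the command line is not a rundll32 invocation."""
    m = RUNDLL_RE.match(cmdline)
    if not m:
        return None
    entry = m.group("entry")
    return {"dll": m.group("quoted") or m.group("bare"),
            "entry": entry, "ordinal": entry.startswith("#")}


def _image_is(proc, subdir):
    return proc["image"].lower().endswith(f"\\{subdir}\\rundll32.exe")


def analyze(events):
    """Return a list of findings; severity reflects what each one means alone."""
    procs = {e["pid"]: e for e in events if e["type"] == "process_create"}
    findings, handoffs, suspicious = [], set(), set()

    for pid, p in procs.items():
        if "rundll32" not in p["image"].lower():
            continue
        parsed = parse_rundll32_cmdline(p["cmdline"])
        if parsed is None:
            continue
        if USER_WRITABLE_RE.search(parsed["dll"]):
            suspicious.add(pid)
            findings.append({"rule": "rundll32_dll_from_user_writable_dir",
                             "severity": "medium", "pid": pid, "dll": parsed["dll"]})
        if parsed["ordinal"]:
            findings.append({"rule": "rundll32_ordinal_export", "severity": "low",
                             "pid": pid, "entry": parsed["entry"]})
        parent = procs.get(p["ppid"])
        # 64-bit rundll32 given a 32-bit DLL re-executes SysWOW64\rundll32.exe
        # with the same command line; that hand-off is expected, not injection.
        if (parent and _image_is(parent, "system32") and _image_is(p, "syswow64")
                and parent["cmdline"] == p["cmdline"]):
            handoffs.add((p["ppid"], pid))
            findings.append({"rule": "rundll32_wow64_handoff", "severity": "info",
                             "pid": pid, "ppid": p["ppid"]})

    seen = set()
    for e in events:
        if e["type"] != "process_access" or e["op"] != "WriteProcessMemory":
            continue
        pair = (e["source_pid"], e["target_pid"])
        src = procs.get(pair[0])
        if pair in seen or src is None or "rundll32" not in src["image"].lower():
            continue
        seen.add(pair)  # the sandbox logs one IoC per call; report the pair once
        findings.append({"rule": "rundll32_write_process_memory",
                         "severity": "info" if pair in handoffs else "high",
                         "pid": pair[0], "target_pid": pair[1]})

    for e in events:
        if e["type"] == "registry_open" and NLS_LANGUAGE_RE.search(e["key"]):
            # T1614.001: reading the install language is weak evidence alone; it
            # matters when the reader is a rundll32 running a DLL from Temp.
            tainted = (e["pid"] in suspicious
                       or procs.get(e["pid"], {}).get("ppid") in suspicious)
            findings.append({"rule": "system_language_discovery",
                             "attack": "T1614.001", "pid": e["pid"],
                             "severity": "medium" if tainted else "low"})
    return findings


if __name__ == "__main__":
    for finding in analyze(EVENTS):
        print(finding)
```

Against the constructed events the write from 2884 into 2916 comes out as a single informational finding because the pair is a recognised WoW64 hand-off, whereas the same write into any other PID would be reported as high; the NLS\Language read is raised to medium only because the reading process is one already flagged for loading a DLL from Temp.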