Analysis

  • max time kernel
    149s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-11-2024 07:41

General

  • Target

    Epoch2/Modules/1934_7a6669f882f20114524eb040f6c0de89_dll.dll

  • Size

    125KB

  • MD5

    7a6669f882f20114524eb040f6c0de89

  • SHA1

    98f5e820e105c1f118ef61c6cf8e3bb126b59ece

  • SHA256

    8978fe0138a848bd7170203efc3a1c54f30d960c04a0816423026c88a97488a9

  • SHA512

    98939a1aab381713089d712213ef2d23c5d733b4b4eec4f264ac4233ca0799ce6b5752fec688823404626df66041f8170124d34245246b49640ccea89f0d37e5

  • SSDEEP

    3072:qJa9mnaclnGbib8n+snPrPNujG9eMUUGtWgdikl:qzdbWzNZ9ev3N

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Epoch2\Modules\1934_7a6669f882f20114524eb040f6c0de89_dll.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4976
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Epoch2\Modules\1934_7a6669f882f20114524eb040f6c0de89_dll.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3956

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads