Analysis

  • max time kernel
    150s
  • max time network
    160s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    17-11-2024 15:40

General

  • Target

    MIXED CRACKING PACK #2/DorkToolsV.5.0/msacm32.dll

  • Size

    91KB

  • MD5

    67705d9f5cc5b1b5369020db75a96cca

  • SHA1

    361570bd4996035fae9a00643e2702af71c20258

  • SHA256

    a81f6c00abb9f93e087e7cc327152548d48ac41e4e87b641d35de9ee9c32c428

  • SHA512

    9daeb80668c3fb6ef30d7cd3ef0dc299f88ee4c00ce0abe6ccc21c345102e4a1b7584b25da8a90b2d7126df3da42fc0704db9a32f3da0a3d456a03d0e821f1e0

  • SSDEEP

    1536:ifCbzJH52ngXggYD/Yi3oMfZCV75h4zlQKw2xLGO3qnjG7pPzsk:ieVkgYDAi3omMVhcl7CO6njGV7H

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MIXED CRACKING PACK #2\DorkToolsV.5.0\msacm32.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4228
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\MIXED CRACKING PACK #2\DorkToolsV.5.0\msacm32.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1852

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads