Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
19/11/2024, 18:14
General
-
Target
fab36c89aa8e4e3ccb06e6b5734298e44f581a91e5cc4fb44eebf34381d872af.dll
-
Size
2.2MB
-
MD5
758fa95d2a7acb7a737017c48bc7b976
-
SHA1
818bbf0389f9f9bbb7b5710af478b463f899ddd1
-
SHA256
fab36c89aa8e4e3ccb06e6b5734298e44f581a91e5cc4fb44eebf34381d872af
-
SHA512
69d6002e78665662570cfa014f68b8012e1f9305a977e9b9ae621e58445bbd759873e4a5d92e5ec930e7f1765556325f977709c88cb848e32a7c8b0cf56590be
-
SSDEEP
49152:Uotjv9Nb6rvHR53n2XeCBvMR3+XKrHo0aSHBJpCmURwES5pCyzpgM7Z5nEm0rUYJ:/tjv9Nb6rvHR53n2XeCBvMR3+XKrHo0m
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fab36c89aa8e4e3ccb06e6b5734298e44f581a91e5cc4fb44eebf34381d872af.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\fab36c89aa8e4e3ccb06e6b5734298e44f581a91e5cc4fb44eebf34381d872af.dll,#12⤵
- System Location Discovery: System Language Discovery
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2.2MB
-
Filesize
2.2MB