Overview

overview

10

Static

static

3

c5d50cd8ce...a9.exe

windows7-x64

10

c5d50cd8ce...a9.exe

windows10-2004-x64

8

$PLUGINSDI...lo.dll

windows7-x64

3

$PLUGINSDI...lo.dll

windows10-2004-x64

3

$PLUGINSDI...VT.dll

windows7-x64

3

$PLUGINSDI...VT.dll

windows10-2004-x64

3

$PLUGINSDI...ZG.dll

windows7-x64

3

$PLUGINSDI...ZG.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    20/11/2024, 03:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $PLUGINSDIR/wjjAKIqNZVT.dll

  • Size

    367KB

  • MD5

    25e93633a3533409ec5963b2ef48c81a

  • SHA1

    7c3ab6dd14975e3863cfe85e9fc3af2facd68f53

  • SHA256

    097f4b3f90d501ef6cf171460dcdceb4382643c6bf1c55a739227f71b1bdc422

  • SHA512

    7632564579ad1319344bd8bcc2b3df5acd93c9dd428f10fe61ba2a6b258a2cf57f0de70a3d1bb4fde484792d250385788336a27c4c1ed8e25f87109a65da68bc

  • SSDEEP

    6144:WQoCcbX2e63Ns+YMhpiuTktQJbs7bvxFux2R4bq53SPQk:WQoCaXR63phpzTktQJ4Z0x2R4bqQPQk

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\wjjAKIqNZVT.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\wjjAKIqNZVT.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2520

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads