Analysis
-
max time kernel
92s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
21-11-2024 11:09
General
-
Target
$PLUGINSDIR/nsExec.dll
-
Size
11KB
-
MD5
7c0dc12cdc807a3bb4afda989a663f95
-
SHA1
3db74d921bd68ce73834de4636bbec03b21723ff
-
SHA256
0d022cc0aa60a3f41dbeb6776e9acb016ff3d42396e3371f15cc22352e621eb5
-
SHA512
22301b351c0332fce7b0d6b21e2b1dc9a850658b8ac610bfa4fb9d02adfbdad30211f04edcabd4141574d243cb6333ef78adb6647860641c84e5d6dc6f635a20
-
SSDEEP
192:nQux93kCB6nGYq1f9ymY1aulOaBETAJYkvQhHLrqNo25JF/:nLx937B6GY48HQulOGETAJYkvmLr0oSD
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsExec.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 6123⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2096 -ip 20961⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
36KB