Overview

overview

10

Static

static

3

File.exe

windows7-x64

10

File.exe

windows10-2004-x64

10

updates/Ca...ng.dll

windows10-2004-x64

3

updates/Ca...re.dll

windows10-2004-x64

3

updates/Ca...nt.dll

windows10-2004-x64

3

updates/Ca...gr.dll

windows10-2004-x64

3

updates/Ca...lr.dll

windows7-x64

3

updates/Ca...lr.dll

windows10-2004-x64

3

updates/Ca...nk.dll

windows10-2004-x64

3

updates/Wi...pn.dll

windows10-2004-x64

3

updates/WsmSvc.dll

windows10-2004-x64

3

updates/dl...rf.dll

windows7-x64

3

updates/dl...rf.dll

windows10-2004-x64

3

updates/dl...ib.dll

windows7-x64

3

updates/dl...ib.dll

windows10-2004-x64

3

updates/dl...00.dll

windows7-x64

3

updates/dl...00.dll

windows10-2004-x64

3

updates/dl...00.dll

windows7-x64

3

updates/dl...00.dll

windows10-2004-x64

3

updates/dl...rs.dll

windows10-2004-x64

1

updates/dl...rs.dll

windows7-x64

3

updates/dl...rs.dll

windows10-2004-x64

3

updates/dl...up.dll

windows10-2004-x64

1

updates/dl...In.dll

windows7-x64

1

updates/dl...In.dll

windows10-2004-x64

1

updates/dl...ch.dll

windows7-x64

1

updates/dl...ch.dll

windows10-2004-x64

1

updates/dl...ns.dll

windows7-x64

3

updates/dl...ns.dll

windows10-2004-x64

3

updates/dl...gn.dll

windows7-x64

1

updates/dl...gn.dll

windows10-2004-x64

1

updates/dl...ls.dll

windows7-x64

3

Analysis

  • max time kernel
    89s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22/11/2024, 18:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    updates/Cache_Data/CbsCore.dll

  • Size

    2.1MB

  • MD5

    4cfec4ad388bb464700229c41bbd0f9d

  • SHA1

    9ec52429b0e758f4dbf25da66c856f4036204025

  • SHA256

    079d43ecd7d3be041436f2d3f032aa0ed8603f6682465d6139fe3745a2625e11

  • SHA512

    16b9a51709134601fbb55489366949ebf04ac37da8b578c02b8979d460baec73fcfd74df4a7a3778b2b780c74c34e0d5398ee6297f00192bf2580b699b199454

  • SSDEEP

    49152:NqRcZBqfW5t7q6CmuIKMDtTvNx8Gg5YZ9jAMFAI3Qb:NqRcOfW5tJCHIKMhvfCk9jAMyb

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\updates\Cache_Data\CbsCore.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5068
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\updates\Cache_Data\CbsCore.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads