Analysis
-
max time kernel
104s -
max time network
120s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
28/11/2024, 09:41
General
-
Target
87557afed23c24d7d9867917e325b4a679563bcd701a7fe99874bf10442a037cN.dll
-
Size
92KB
-
MD5
89c21e4dccee4820c0bc7d78ad2ba5c0
-
SHA1
d9bcf75516b84733ac005cd96fe54f73c28f5c33
-
SHA256
87557afed23c24d7d9867917e325b4a679563bcd701a7fe99874bf10442a037c
-
SHA512
3f4a729f03bca43a5fca45ab588893fe429f957c0c2f0a351498caefb68d9ddce52b385b55f121ac0f852314cbed60de0de05708751262678964debb4c30f366
-
SSDEEP
1536:RJaYOFIols/Cxpz6lotZrU75ctmlrYseImnPxqqPDzwkSIhb0c94McE2B7chOd:RJajaOoC5ZQ7StmaznPpgT20gSPB7ch
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 5 IoCs
-
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\87557afed23c24d7d9867917e325b4a679563bcd701a7fe99874bf10442a037cN.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\87557afed23c24d7d9867917e325b4a679563bcd701a7fe99874bf10442a037cN.dll,#12⤵
- Blocklisted process makes network request
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
-