Resubmissions

29-11-2024 14:08

241129-rfpqlazjg1 10

29-11-2024 14:03

241129-rcyjbsyrd1 10

Analysis

  • max time kernel
    121s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    29-11-2024 14:08

General

  • Target

    lib/CEF3.dll

  • Size

    695KB

  • MD5

    1340a58ff6cf1847f322e405761abab1

  • SHA1

    c2861973d7371e7eba69a9ccbb32172c982a09bd

  • SHA256

    8c70385d509677b3a501f2b708e5f6178544405ad88357869a166e9913d46baa

  • SHA512

    a6605c37e3741b9e3424d7cce9f10c535248f227f90995fae4b729812597b1f9350170e29c6200d77d3d21709bcea756c3839fcf81965752389999055c1905b5

  • SSDEEP

    12288:antsZ5qc7rU0oHg5I16p6mRnBAvrXS7wd:a+qc7rloHg5I16p7nBAvEwd

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\CEF3.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2076
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\CEF3.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads