Analysis
-
max time kernel
122s -
max time network
130s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
03-12-2024 06:03
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6632fc5ec3340c29aed587f734670ca2f4a7c2b57d08f1a0d76f50131e396f3d.dll
Resource
win7-20240903-en
windows7-x64
4 signatures
150 seconds
General
-
Target
6632fc5ec3340c29aed587f734670ca2f4a7c2b57d08f1a0d76f50131e396f3d.dll
-
Size
1.0MB
-
MD5
7c881a25f0a01896be07b29c1805d6f8
-
SHA1
89eb1e453a1d2004f63e9110d5f8779fc67c24b9
-
SHA256
6632fc5ec3340c29aed587f734670ca2f4a7c2b57d08f1a0d76f50131e396f3d
-
SHA512
408fc1db1dac4814284789e724b9d7e5e4714af5dd23963ff76be13b1ec45953cc78b64e526210157c0ddc920c4b375ff19038198013e5c6aeea2895c27e26dc
-
SSDEEP
3072:o6pU5Y1DXnbMn7Uzkop61/dAzV2O3XwTBftrm2YedGf3QKZDO:o6C5AXbMn7UI1FoV2gwTBlrIckPE
Malware Config
Signatures
-
Yunsip family
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rundll32.exe -
Suspicious use of WriteProcessMemory 7 IoCs
description pid Process procid_target PID 2236 wrote to memory of 1792 2236 rundll32.exe 30 PID 2236 wrote to memory of 1792 2236 rundll32.exe 30 PID 2236 wrote to memory of 1792 2236 rundll32.exe 30 PID 2236 wrote to memory of 1792 2236 rundll32.exe 30 PID 2236 wrote to memory of 1792 2236 rundll32.exe 30 PID 2236 wrote to memory of 1792 2236 rundll32.exe 30 PID 2236 wrote to memory of 1792 2236 rundll32.exe 30
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6632fc5ec3340c29aed587f734670ca2f4a7c2b57d08f1a0d76f50131e396f3d.dll,#11⤵
- Suspicious use of WriteProcessMemory
PID:2236 -
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\6632fc5ec3340c29aed587f734670ca2f4a7c2b57d08f1a0d76f50131e396f3d.dll,#12⤵
- System Location Discovery: System Language Discovery
PID:1792
-