e4bdfc5dee2559aba73e88fa3c0185821d328a1ead618e578352623687fa9ae7

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-12-2024 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dox Tool V3 Cracked/Search.ProtocolHandler.MAPI2.dll
Size

276KB
MD5

1eff11ced2866665f101892e9d097d14
SHA1

3aeec6fb969b0036c6f940db4ce1e63bde607518
SHA256

a90c1a13965f534565f98b4a7c0de5804b35482e9668f3d60df8a1c039e51ad9
SHA512

4c1b8423f5c43f1676e9625af0ada601e19283744992c148c0f8e79bff655c56e694a866da9fa3eab178c231457d30d371e5b469045a45d26814937bbc171fd9
SSDEEP

6144:5RFuPQsVHJ+gQEBTjsX1X503HjXZIEbBdkB80NcJSTxVhDWW3W6NBKxCf+G1q:cQb1X5+HxdkB80Nc0VhDWWmW8

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3156 wrote to memory of 544	3156	regsvr32.exe	82
PID 3156 wrote to memory of 544	3156	regsvr32.exe	82
PID 3156 wrote to memory of 544	3156	regsvr32.exe	82

C:\Windows\system32\regsvr32.exe
regsvr32 /s "C:\Users\Admin\AppData\Local\Temp\Dox Tool V3 Cracked\Search.ProtocolHandler.MAPI2.dll"
1⤵
- Suspicious use of WriteProcessMemory
PID:3156
- C:\Windows\SysWOW64\regsvr32.exe
  /s "C:\Users\Admin\AppData\Local\Temp\Dox Tool V3 Cracked\Search.ProtocolHandler.MAPI2.dll"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads