Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
  • submitted
    08-12-2024 19:01

General

  • Target

    reformulation.dll

  • Size

    20KB

  • MD5

    b9890706b7c586ecc555f11cd08f20d1

  • SHA1

    5091c58f54e7933d5a3d05ecbb85c065e63cebac

  • SHA256

    f02a6b2a3c90707919964c94acdf7edd69601431b78d5b20264c32b2314bc704

  • SHA512

    7910095dfeede5b8683612457feb5b416c12ef40b12540c59120f7b62a45a37125a2af7630f6e32e11242091cd6cb18f49dd758eaf7d4834c4e520644dc06586

  • SSDEEP

    384:D9LZFCv1tOb96CoUkz7m/XdKllmpKIBMjb:D9jCv1wb9LoVUKlmlM

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\reformulation.dll,#1
    • Suspicious use of WriteProcessMemory
    PID:2624
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\reformulation.dll,#1
      • System Location Discovery: System Language Discovery
      PID:2076

Network

MITRE ATT&CK Enterprise v15
