Analysis
- max time kernel: 84s
- max time network: 16s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 17-12-2024 02:27
- Static task: static1
- Behavioral task: behavioral1
  - Sample: 9b964db155cf55d16bbd194abdc0efa95c31bf17cd92b42cb1297ef89690ede7N.dll
  - Resource: win7-20240903-en
General
- Target: 9b964db155cf55d16bbd194abdc0efa95c31bf17cd92b42cb1297ef89690ede7N.dll
- Size: 216KB
- MD5: a98b7fe101fb649b40ad68a6e9527320
- SHA1: 3da05f58c791332f73b4cc8e12322b549704a268
- SHA256: 9b964db155cf55d16bbd194abdc0efa95c31bf17cd92b42cb1297ef89690ede7
- SHA512: ff13b28f627f01134539cdaaf5ef107abcc0799d44d5993e54da7ce3672932a41eae8d25206f3571f244dc93170693af0157756b6710c12f0b0c8c947021de9d
- SSDEEP: 3072:xnMoFkOKCg3CXmSSZlzgeBTg4vRPo5NNFs+XNtUU/chmcFTulOVq5pNOOhFmugEl:xMJOWK4l0wqOVq1VhFd7JiW
Malware Config
(none extracted)

Signatures
- System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
  Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description | ioc | Process
  Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | rundll32.exe
- Suspicious use of WriteProcessMemory (7 IoCs)
  description | pid | Process | procid_target
  PID 2084 wrote to memory of 2760 | 2084 | rundll32.exe | 31
  PID 2084 wrote to memory of 2760 | 2084 | rundll32.exe | 31
  PID 2084 wrote to memory of 2760 | 2084 | rundll32.exe | 31
  PID 2084 wrote to memory of 2760 | 2084 | rundll32.exe | 31
  PID 2084 wrote to memory of 2760 | 2084 | rundll32.exe | 31
  PID 2084 wrote to memory of 2760 | 2084 | rundll32.exe | 31
  PID 2084 wrote to memory of 2760 | 2084 | rundll32.exe | 31
Processes
- C:\Windows\system32\rundll32.exe (depth 1)
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b964db155cf55d16bbd194abdc0efa95c31bf17cd92b42cb1297ef89690ede7N.dll,#1
  PID: 2084
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\rundll32.exe (depth 2, child of PID 2084)
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b964db155cf55d16bbd194abdc0efa95c31bf17cd92b42cb1297ef89690ede7N.dll,#1
    PID: 2760
    Signatures: System Location Discovery: System Language Discovery