64d76e4cc4634c433ac85f963ec51f6245a84f09ad1db25e5aa1f1b3e2c2d913

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
19-12-2024 21:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64d76e4cc4634c433ac85f963ec51f6245a84f09ad1db25e5aa1f1b3e2c2d913N.dll
Size

327KB
MD5

2484cc15625bab22fca213a23948dd70
SHA1

6c40da090bad5601e05524f67367593d149548ff
SHA256

64d76e4cc4634c433ac85f963ec51f6245a84f09ad1db25e5aa1f1b3e2c2d913
SHA512

c3ad207064a06b862b30d0aadebf6200e6ad1ae647e298e95fbbe13b77ec09b490a4e2f50713b80fb248f252ff94776a1a2945c8718ab62c4311ec525ac5295f
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2552	2368	rundll32.exe	30
PID 2368 wrote to memory of 2552	2368	rundll32.exe	30
PID 2368 wrote to memory of 2552	2368	rundll32.exe	30
PID 2368 wrote to memory of 2552	2368	rundll32.exe	30
PID 2368 wrote to memory of 2552	2368	rundll32.exe	30
PID 2368 wrote to memory of 2552	2368	rundll32.exe	30
PID 2368 wrote to memory of 2552	2368	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d76e4cc4634c433ac85f963ec51f6245a84f09ad1db25e5aa1f1b3e2c2d913N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d76e4cc4634c433ac85f963ec51f6245a84f09ad1db25e5aa1f1b3e2c2d913N.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2552

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads