Overview

overview

10

Static

static

10

Paranoid C...FS.dll

windows7-x64

1

Paranoid C...FS.dll

windows10-2004-x64

1

Paranoid C...et.dll

windows7-x64

1

Paranoid C...et.dll

windows10-2004-x64

1

Paranoid C...se.dll

windows7-x64

1

Paranoid C...se.dll

windows10-2004-x64

1

Paranoid C...on.dll

windows7-x64

1

Paranoid C...on.dll

windows10-2004-x64

1

Paranoid C...pf.dll

windows7-x64

1

Paranoid C...pf.dll

windows10-2004-x64

1

Paranoid C....7.exe

windows7-x64

10

Paranoid C....7.exe

windows10-2004-x64

10

Paranoid C...el.dll

windows7-x64

1

Paranoid C...el.dll

windows10-2004-x64

1

Paranoid C...cs.dll

windows7-x64

1

Paranoid C...cs.dll

windows10-2004-x64

3

Paranoid C...ls.dll

windows7-x64

1

Paranoid C...ls.dll

windows10-2004-x64

3

Paranoid C...v2.dll

windows7-x64

1

Paranoid C...v2.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    93s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-12-2024 12:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Paranoid Checker 4.1.7/System.ServiceModel.Internals.dll

  • Size

    804KB

  • MD5

    bc3dbd339745e51c60dbd0a095eb50d5

  • SHA1

    d90c71463ca0c55aa942bf71c308daed386bd8fa

  • SHA256

    0be5890dee0dc8ccd1444781287dfeed46bbfbdbf4ee289e564ea98ea94e006d

  • SHA512

    2894b4c55e868920945a45de1b5b1d6a3f5685049ad7e005b872be1fd7744b818137f4e153ff68c15911a77a6a757d20925aae28202b838741ca4e2945369263

  • SSDEEP

    24576:uvdATaScs0gmCWtS4B9plalsmUdJFxtZVnL7CO2XO8mYv:uFATaScs0gzhbQYv

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Paranoid Checker 4.1.7\System.ServiceModel.Internals.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4088
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Paranoid Checker 4.1.7\System.ServiceModel.Internals.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:3832

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads