Analysis
-
max time kernel
419s -
max time network
421s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
20-12-2024 17:36
General
-
Target
$PLUGINSDIR/nsJSON.dll
-
Size
22KB
-
MD5
c8222584e91b74c47f5ce2a84d1cdc4f
-
SHA1
750359dd536c840b1d4016826af7f34a8562e242
-
SHA256
6785ab17a6c27be18072aa1c274078321b4ea27bfa752d3c882ec3093dc4637b
-
SHA512
a89f0083c791e7d4d54fd728e848e44bd44ef9e11c799a48ab95a48d3c4e02e68699e28818c1232b694120973ac0c3e418740759830ef70d328d7ef9e5789f51
-
SSDEEP
384:qdctoQMA9RtBHo45eqtTv/lddWUn89tNj5AYXqUYevrTZg9MyhTZrdSw:qFqRtBneqtTXldBn+tNDqqz1mMIrn
Score
3/10
Malware Config
Signatures
-
Program crash 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\nsJSON.dll,#12⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 6083⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 1456 -ip 14561⤵