Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    22-12-2024 12:47

General

  • Target

    NMPluginBase.dll

  • Size

    187KB

  • MD5

    14e48e064ed774aed4c006bad9036fb2

  • SHA1

    44d45b17b97aabc2a30770d8bb61398eae137c50

  • SHA256

    6be7f6ae09d028f7a2144b6050d669b8199d2ce1086a22e0b85cffdbdcfbffaa

  • SHA512

    203000e665a9d661994edeecc9080c43b79e480d4dffc366f1aed9814fc350cf0a8010296660d42ebd30bf6cfdcc932cea1a449232c89f2d2b4e71a9ca6eff07

  • SSDEEP

    3072:yO5yQgD9wY5qDX2qBOx8anxeq1NODeQMAixFZrkPlBVrixxjYpxfciyMJsaU+ByI:yOBgD9wY5qDX2qBOx8anZ4Y7rkPlBTEI

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies registry class 59 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\NMPluginBase.dll
    • Suspicious use of WriteProcessMemory
    PID:3684
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\NMPluginBase.dll
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      PID:4464

Network

MITRE ATT&CK Enterprise v15
