Analysis

max time kernel: 119s
max time network: 120s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 22-12-2024 13:12

Static task: static1
Behavioral task: behavioral1
Sample: a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960.dll
Resource: win7-20240903-en
General

Target: a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960.dll
Size: 211KB
MD5: 6faa1af8c7077fa41d49973f939144bc
SHA1: 61ab314d609249a6e109814a46d7c6f65a98d26d
SHA256: a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960
SHA512: 95f4196a6c16cb812194cbb862e0810f4ad687933b6acdded00f2290e23af30b93468da99aa86a1eaaad71f4d0fb3e5c9543f60ab0c809f6adfce1937efaaadb
SSDEEP: 3072:TnMoFkOKCg3CXmSSZlzgeBTg4vRPo5NNFs+XNtUU/chmcFTulOVq5pNOV8SAkb85:TMJOWK4l0wqOVq1W8St8CUHF
Malware Config

Signatures

System Location Discovery: System Language Discovery (1 TTP, 1 IoC)
Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.
  description: Key opened
  ioc:         \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
  Process:     rundll32.exe
Suspicious use of WriteProcessMemory (7 IoCs)
  description                        pid   Process       procid_target
  PID 2344 wrote to memory of 2512   2344  rundll32.exe  31
  (this identical entry is recorded 7 times in the report)
Processes

C:\Windows\system32\rundll32.exe (PID 2344)
  command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960.dll,#1
  signatures: Suspicious use of WriteProcessMemory
  child: C:\Windows\SysWOW64\rundll32.exe (PID 2512)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960.dll,#1
    signatures: System Location Discovery: System Language Discovery