Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-12-2024 13:12

General

  • Target

    a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960.dll

  • Size

    211KB

  • MD5

    6faa1af8c7077fa41d49973f939144bc

  • SHA1

    61ab314d609249a6e109814a46d7c6f65a98d26d

  • SHA256

    a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960

  • SHA512

    95f4196a6c16cb812194cbb862e0810f4ad687933b6acdded00f2290e23af30b93468da99aa86a1eaaad71f4d0fb3e5c9543f60ab0c809f6adfce1937efaaadb

  • SSDEEP

    3072:TnMoFkOKCg3CXmSSZlzgeBTg4vRPo5NNFs+XNtUU/chmcFTulOVq5pNOV8SAkb85:TMJOWK4l0wqOVq1W8St8CUHF

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2344
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\a74698c4f42c2cca66ff854076a2f673729e1da2b444a1f8f0f13c303b9e3960.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2512

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2512-0-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

  • memory/2512-2-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB

  • memory/2512-1-0x0000000010000000-0x0000000010039000-memory.dmp

    Filesize

    228KB