Analysis
-
max time kernel
93s -
max time network
143s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
29-12-2024 10:50
General
-
Target
a3b2e0301aa2339298711bc117e1820c3e52dd8259eb0fbb4c9b2bef69032e6a.dll
-
Size
430KB
-
MD5
c7db6d02efd1706edee4bb150185ff53
-
SHA1
5e51254ba2465ed007c7140b4a10903d45b5d45c
-
SHA256
a3b2e0301aa2339298711bc117e1820c3e52dd8259eb0fbb4c9b2bef69032e6a
-
SHA512
860e25d96a9cca5a9f2578f560d94d13e03c0724a19093f34bcc3d4aad4d85cdd8f0327beabd2d07bfbba74efed58066c11e073ab15a0ae9f0f104e2e6e2ef81
-
SSDEEP
12288:q9j8pWxJdNxnSJwu416c9y0wiL7s1T37AVu68VnogfN7oSC:q9I+dGwu13UVb+n3fNM
Score
5/10
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 63 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b2e0301aa2339298711bc117e1820c3e52dd8259eb0fbb4c9b2bef69032e6a.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\a3b2e0301aa2339298711bc117e1820c3e52dd8259eb0fbb4c9b2bef69032e6a.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
C:\Windows\SysWOW64\svchost.exesvchost.exe fagahawhawhgawccc3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1016KB