Overview

Score: 10

Task                   Platform             Score
static                                      3
Setup/DirectX2D.dll    windows7-x64         3
Setup/DirectX2D.dll    windows10-2004-x64   3
Setup/Serilog.dll      windows7-x64         1
Setup/Serilog.dll      windows10-2004-x64   1
Setup/Setup.exe        windows7-x64         1
Setup/Setup.exe        windows10-2004-x64   10
Setup/SevenZip.dll     windows7-x64         1
Setup/SevenZip.dll     windows10-2004-x64   1
Setup/d2game.dll       windows7-x64         3
Setup/d2game.dll       windows10-2004-x64   3
Analysis

max time kernel: 119s
max time network: 122s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 29-12-2024 11:43
Static task: static1

Behavioral task   Sample                 Resource
behavioral1       Setup/DirectX2D.dll    win7-20241010-en
behavioral2       Setup/DirectX2D.dll    win10v2004-20241007-en
behavioral3       Setup/Serilog.dll      win7-20240903-en
behavioral4       Setup/Serilog.dll      win10v2004-20241007-en
behavioral5       Setup/Setup.exe        win7-20241010-en
behavioral6       Setup/Setup.exe        win10v2004-20241007-en
behavioral7       Setup/SevenZip.dll     win7-20240903-en
behavioral8       Setup/SevenZip.dll     win10v2004-20241007-en
behavioral9       Setup/d2game.dll       win7-20240903-en
behavioral10      Setup/d2game.dll       win10v2004-20241007-en
General

Target: Setup/d2game.dll
Size: 976KB
MD5: b6dde6f8a1b88fe4aae962064a6f5271
SHA1: 177543d5128191e4eabeabd4e99041ff4d193652
SHA256: a9f8f9c014a760b568212c99f17f2c1b4e0e4d6082f9971d04bd3250fa931927
SHA512: 8c28819c5fc8c449b1ca6b395ff35deb099a44f857be35323347834c3285c87d65067b547eb6dead26183a06499f0324445103f03ca35935a2016e2e0af09115
SSDEEP: 24576:2jveAn9tcCk5sYGKbqKmKVHIhMkVdyfcoET3qU/1+:2R9tcCEsd69GoAc
Malware Config
Signatures
- System Location Discovery: System Language Discovery (1 TTPs, 1 IoCs)
  Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  description   ioc                                                          Process
  Key opened    \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language  rundll32.exe

- Suspicious use of WriteProcessMemory (7 IoCs)

  description                       pid    Process       procid_target
  PID 2548 wrote to memory of 2408  2548   rundll32.exe  30
  (the same entry is recorded 7 times)
Processes

- C:\Windows\system32\rundll32.exe
  Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Setup\d2game.dll,#1
  PID: 2548
  - Suspicious use of WriteProcessMemory

  - C:\Windows\SysWOW64\rundll32.exe
    Command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\Setup\d2game.dll,#1
    PID: 2408
    - System Location Discovery: System Language Discovery