Overview

overview

10

Static

static

3

cb4ce52998...bN.dll

windows7-x64

3

cb4ce52998...bN.dll

windows10-2004-x64

10

Analysis

  • max time kernel
    15s
  • max time network
    16s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    04-01-2025 23:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cb4ce52998edc1f275a9596023e5ae49ca8c4f5b7c18c5fb7bf4808b1a963f0bN.dll

  • Size

    218KB

  • MD5

    4944c3c7766cf2d73a16b2121aed5020

  • SHA1

    e0012aabe10552971084447aa4194d4e60f41c81

  • SHA256

    cb4ce52998edc1f275a9596023e5ae49ca8c4f5b7c18c5fb7bf4808b1a963f0b

  • SHA512

    2cbadb3d125d819d2c5df6622a02f475d463331e0b78580265e8549499891eae04d1eed6025c36bf5549ead984224d8534d140d69dc7f7663bbae6b120bcd685

  • SSDEEP

    3072:7hwdGVOvU7NKe9r8vrTtoeNr1wszxXemxVpr2lQBV+UdE+rECWp7hK8:7h7P7wGGbtX7BBV+UdvrEFp7hK8

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb4ce52998edc1f275a9596023e5ae49ca8c4f5b7c18c5fb7bf4808b1a963f0bN.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2504
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\cb4ce52998edc1f275a9596023e5ae49ca8c4f5b7c18c5fb7bf4808b1a963f0bN.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:2552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads