Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
06-01-2025 16:03
General
-
Target
$PLUGINSDIR/hkdklixzga.dll
-
Size
19KB
-
MD5
fe53df25d11886ebd5c24164328ca8bf
-
SHA1
3d051e82d0bd8bbd4c5647ab11a36e8fe0407631
-
SHA256
d3827d83d541e98cff0bb89a27c2db75e59b62ed57a934cc8c9e6a9623864716
-
SHA512
578a786ea59572ae33b245314493bfda501eadde6bfcad2e20fd45e39e7d2e6e237403ed912f38aebd3fa79c582f27e7846f0896e22e01d1e276abcb8b32eecc
-
SSDEEP
192:JPEvK1NldFntndU2KQb3s63lfap1J24HrrdbY2T2/pa7Na7x36Af6TdzFIiqsXQ/:xEC1rdFtdUsnap1o4HOXpa7hAClH4f
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hkdklixzga.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hkdklixzga.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\hkdklixzga.dll,#13⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB