Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
08-01-2025 13:40
General
-
Target
$PLUGINSDIR/gjspvjmvb.dll
-
Size
21KB
-
MD5
cb5ae97fd494cd241495179668d3a3d2
-
SHA1
33e6282a11c9140860710cd4a251e428e5cb75b8
-
SHA256
2e31c7a695a70e216180fefa04ff81c8ad783b72b8d5fe40f506e00ada784f6f
-
SHA512
83d265679fcb712cb8810d9b24a68c2d952cdb00656464b3c52a34a9bac48a62d2ed26d82ff0837946876bc1d992796376703a394da4c451cae671a043f32f44
-
SSDEEP
384:aSpqwtpSNch8eco6p87VVV++jtFQmsDyPVyQYEJILzZcR:aSpptpVG8vVljI5DYiEJILzZk
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gjspvjmvb.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gjspvjmvb.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\gjspvjmvb.dll,#13⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB