Analysis
-
max time kernel
93s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
09-01-2025 19:46
General
-
Target
$PLUGINSDIR/udpjzymus.dll
-
Size
38KB
-
MD5
35c7e2a63c059a4dbdb41078633ab8a2
-
SHA1
c718c7587166f41d2bd3ba94ee23bbb85ca16f96
-
SHA256
5d14d6480c4d20dd420d598d6e7f503b7e714ce9d21d56cc73a2f2dbcb1100af
-
SHA512
dc6c4b050269f8cda0e729a577121ea5468dc48e879d46bbf75b8830c6fc4be8e31d8ae296e888c93cb14a981f05c7e5253838c56a0d38120f7d76b9e8788ec2
-
SSDEEP
384:72dM15gbdVJIZX4qFTrtR1836QFlqIknaqRCz+7XEYDiRcHynTL0Jt3:7LAdVJIZFTJ7arFlRkzEYDiFnToJt3
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\udpjzymus.dll,#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\udpjzymus.dll,#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\udpjzymus.dll,#13⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
8KB