9d3bff1e8d84def24d52982b30cdda2403fb5645ac7e1b6fa7143c3810bb664d

Analysis

max time kernel
93s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2025 21:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Exloader/RarExt.dll
Size

2.4MB
MD5

ed48227dc6b9d864a143860aabf7a6a0
SHA1

e1006e30d3b46fc3653670b87c9288345442bdd6
SHA256

ca28db0c93c75fb5c010e1ec2a49f52bd823665db41a4d1a5ff35a0e9c3837a3
SHA512

d8b7375cad136a92c646f1e30a1777fab2ff3f1af83b514e5a98e759303b11ba9b688d62c7688faa99798cb84f7a68386dbc034ae446896e4be9892b00fb2ed2
SSDEEP

49152:rtmNUM5ex9duVqpy2suVH9BAzvWF4i1TxWLcOGTGS4gYe:rIJebHbAzv1Iz

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4196 wrote to memory of 1148	4196	rundll32.exe	82
PID 4196 wrote to memory of 1148	4196	rundll32.exe	82
PID 4196 wrote to memory of 1148	4196	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Exloader\RarExt.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Exloader\RarExt.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads