Overview

overview

10

Static

static

10

Apache_Ope...es.exe

windows10-ltsc 2021-x64

6

$PLUGINSDI...ns.dll

windows10-ltsc 2021-x64

3

stat.py

windows10-ltsc 2021-x64

3

stats.py

windows10-ltsc 2021-x64

3

statvfs.py

windows10-ltsc 2021-x64

3

stl_01.ott

windows10-ltsc 2021-x64

3

stl_02.ott

windows10-ltsc 2021-x64

3

stl_03.ott

windows10-ltsc 2021-x64

3

swui.dll

windows10-ltsc 2021-x64

3

symbol.py

windows10-ltsc 2021-x64

3

symbols.py

windows10-ltsc 2021-x64

3

symtable.py

windows10-ltsc 2021-x64

3

synchronize.py

windows10-ltsc 2021-x64

3

syntax.py

windows10-ltsc 2021-x64

3

sysconfig.py

windows10-ltsc 2021-x64

3

sysconfig1.py

windows10-ltsc 2021-x64

3

sysdtrans.dll

windows10-ltsc 2021-x64

3

sysmail.uno.dll

windows10-ltsc 2021-x64

3

syssh.uno.dll

windows10-ltsc 2021-x64

3

t602filter.dll

windows10-ltsc 2021-x64

3

tabbedpages.py

windows10-ltsc 2021-x64

3

table.jar

windows10-ltsc 2021-x64

1

tabnanny.py

windows10-ltsc 2021-x64

3

tarfile.py

windows10-ltsc 2021-x64

3

telnetlib.py

windows10-ltsc 2021-x64

3

tempfile.py

windows10-ltsc 2021-x64

3

textoutstream.uno.dll

windows10-ltsc 2021-x64

3

openoffice4115.msi

windows10-ltsc 2021-x64

6

readmes/re...s.html

windows10-ltsc 2021-x64

4

redist/vcr...64.exe

windows10-ltsc 2021-x64

7

redist/vcr...86.exe

windows10-ltsc 2021-x64

7

setup.exe

windows10-ltsc 2021-x64

7

Analysis

  • max time kernel
    437s
  • max time network
    450s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20250113-es
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20250113-eslocale:es-esos:windows10-ltsc 2021-x64systemwindows
  • submitted
    22-01-2025 15:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    swui.dll

  • Size

    1.5MB

  • MD5

    d3d5ae822084770b3cc1ad2e2222c600

  • SHA1

    f58d74dc466b1f8367a65e56f35a8ec2b712291c

  • SHA256

    e525be178ba3ef4f35486b6656913c6857b2b98e89c369a8c069733b30f4662e

  • SHA512

    c8dcecb78ccf406cc98c2f3d92aa8dab3c51a597dcfdc241b77c80194f8df07d800f7f810945c4d4c4f42f63d93462e523a97270ba91c1f4cc2dbf9dd908930c

  • SSDEEP

    24576:poEDbPFctM/m22Jh0bM2dcAE8pnbQPTc/U1oQwLoIVaDPSNubwp4StVxlHh:jbPFctH2dbDlECnbhU1oQwEDPSNuMp4k

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\swui.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2556
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\swui.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1468

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads