Overview

overview

10

Static

static

10

bin\NSOCR.dll

windows7-x64

3

bin\NSOCR.dll

windows10-2004-x64

3

bin\NsBars.dll

windows7-x64

3

bin\NsBars.dll

windows10-2004-x64

3

bin\NsImgLdr.dll

windows7-x64

3

bin\NsImgLdr.dll

windows10-2004-x64

3

bin\NsSpell.dll

windows7-x64

3

bin\NsSpell.dll

windows10-2004-x64

3

bin\Twaindsm.dll

windows7-x64

3

bin\Twaindsm.dll

windows10-2004-x64

3

bin\jnsocr.dll

windows7-x64

3

bin\jnsocr.dll

windows10-2004-x64

3

de.pdf

windows7-x64

3

de.pdf

windows10-2004-x64

3

lib\Viewer.dll

windows7-x64

3

lib\Viewer.dll

windows10-2004-x64

3

lib\glib-2.0.dll

windows7-x64

3

lib\glib-2.0.dll

windows10-2004-x64

3

lib\glibmm-2.4.dll

windows7-x64

3

lib\glibmm-2.4.dll

windows10-2004-x64

3

lib\gmodule-2.0.dll

windows7-x64

3

lib\gmodule-2.0.dll

windows10-2004-x64

3

lib\gobject-2.0.dll

windows7-x64

3

lib\gobject-2.0.dll

windows10-2004-x64

3

lib\gthread-2.0.dll

windows7-x64

3

lib\gthread-2.0.dll

windows10-2004-x64

3

lib\guestS...nt.dll

windows7-x64

3

lib\guestS...nt.dll

windows10-2004-x64

3

lib\intl.dll

windows7-x64

3

lib\intl.dll

windows10-2004-x64

3

lib\pcre.dll

windows7-x64

3

lib\pcre.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-01-2025 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bin\Twaindsm.dll

  • Size

    147KB

  • MD5

    569eb253765f2b0854f26a1d7a0191bc

  • SHA1

    40c724c1622978e3df98b4cad5e8475a79fc89eb

  • SHA256

    ba747e28769d85458a33a61a2a230435612e376f99b9a2dc104a817e2d451bfa

  • SHA512

    5be9e30eb40118386b643235e70873f86bc6266b5f61d12ed118d6b8a476643cbfd85b288f2c680782c5a26342792514b0a9c7e53c1020c2b972751c90fa6f13

  • SSDEEP

    1536:/ZXCPRnHmPdKh2u9HAZ2H734pkGc239Y2/kyhrp0RW9m5waX6PF15s14dyw2r:/ZyRHmP8AudAZ2H74+2ROayXEF15LdyT

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\Twaindsm.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3400
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin\Twaindsm.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:1020

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads