Overview

overview

10

Static

static

10

bin\NSOCR.dll

windows7-x64

3

bin\NSOCR.dll

windows10-2004-x64

3

bin\NsBars.dll

windows7-x64

3

bin\NsBars.dll

windows10-2004-x64

3

bin\NsImgLdr.dll

windows7-x64

3

bin\NsImgLdr.dll

windows10-2004-x64

3

bin\NsSpell.dll

windows7-x64

3

bin\NsSpell.dll

windows10-2004-x64

3

bin\Twaindsm.dll

windows7-x64

3

bin\Twaindsm.dll

windows10-2004-x64

3

bin\jnsocr.dll

windows7-x64

3

bin\jnsocr.dll

windows10-2004-x64

3

de.pdf

windows7-x64

3

de.pdf

windows10-2004-x64

3

lib\Viewer.dll

windows7-x64

3

lib\Viewer.dll

windows10-2004-x64

3

lib\glib-2.0.dll

windows7-x64

3

lib\glib-2.0.dll

windows10-2004-x64

3

lib\glibmm-2.4.dll

windows7-x64

3

lib\glibmm-2.4.dll

windows10-2004-x64

3

lib\gmodule-2.0.dll

windows7-x64

3

lib\gmodule-2.0.dll

windows10-2004-x64

3

lib\gobject-2.0.dll

windows7-x64

3

lib\gobject-2.0.dll

windows10-2004-x64

3

lib\gthread-2.0.dll

windows7-x64

3

lib\gthread-2.0.dll

windows10-2004-x64

3

lib\guestS...nt.dll

windows7-x64

3

lib\guestS...nt.dll

windows10-2004-x64

3

lib\intl.dll

windows7-x64

3

lib\intl.dll

windows10-2004-x64

3

lib\pcre.dll

windows7-x64

3

lib\pcre.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    23-01-2025 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    lib\gmodule-2.0.dll

  • Size

    25KB

  • MD5

    2d6688fa479e1795d62763fc8ab6cb36

  • SHA1

    9b0dc5ce61bc7162a779aca03ed92e09adc55f52

  • SHA256

    335380d7b84007738565fa424b6d7c7b898b561d9c38f2be0e8bc10d11ac078c

  • SHA512

    d1f68cf97e6f50aaf67caba3b76a0e3e7eef5eb764418abaa31360ce53567e658c6167e4bb2cb4cf22a4361eeb38cc9dedbe10955fb7e62cbbe208093fd2e657

  • SSDEEP

    384:RJHZl2yJLRHtpFJp4JbHEiiiHqx+bC9bBL1cIYiBpxxeuFA4i/8E9VFL2UtHk:DZtfBp49C8+VBL1NYi3DeuFAeEd8

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\gmodule-2.0.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2196
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\lib\gmodule-2.0.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious behavior: EnumeratesProcesses
      PID:2236

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2236-0-0x0000000000170000-0x0000000000171000-memory.dmp

    Filesize

    4KB

    Download