801397812be62baddb411c3ef74127bb1c55c725575de1e13fad5a3f6257ccaf

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2025, 19:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Dark Spy/Engine/Qt5/Qt5/plugins/imageformats/qgif.dll
Size

33KB
MD5

e3a1338efadabb9fc23d955af9a7e070
SHA1

dfbe82b183fff002a2e841d73474c78f646fdba2
SHA256

f1fa3bfeea6a600f2c6d209775154cee349b7f687cb4f7213a8cad8870dbb812
SHA512

0413a6116e227fa6a3dd7da6fa4bb8db59ed64fc16e37bfa49ca28c687fe791941b3a23193796eb0ece458e87f9f78f587b3a1fe0f188b63b9148037997df1a2
SSDEEP

768:aL5MPkjurnzyuVlfehyScQeOYGuOU9OOHhTNAYFdDGzUf2hW:aNYnzyuLeEfQeFGuOU9OOHhZAYFOUf5

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4084 wrote to memory of 2988	4084	rundll32.exe	81
PID 4084 wrote to memory of 2988	4084	rundll32.exe	81
PID 4084 wrote to memory of 2988	4084	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dark Spy\Engine\Qt5\Qt5\plugins\imageformats\qgif.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Dark Spy\Engine\Qt5\Qt5\plugins\imageformats\qgif.dll",#1
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads