Analysis

  • max time kernel
    139s
  • max time network
    139s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    06-02-2025 15:01

General

  • Target

    Ns/AudioCapture.dll

  • Size

    87KB

  • MD5

    7629af8099b76f85d37b3802041503ee

  • SHA1

    f40a5efcb9dee679de22658c6f95c7e9c0f2f0c0

  • SHA256

    2cc8ebea55c06981625397b04575ed0eaad9bb9f9dc896355c011a62febe49b5

  • SHA512

    c209714ffdb0b95595583976340f2eb901eb9895f2f420afc4ca3c12744432e52fbedfd857b56cb347d4475df7678bd42d43f221208a108384e1df5aaf7d19e4

  • SSDEEP

    768:ZrOxYZwDgyfoVD/Ksdl0R8rKZEmU2ffE7CdmW1B1jvmhxccp2UvHNORpPePtJPv4:ZrOxDJs/Ksdl0R1dBmhFJERpPyJPvuXR

Score
3/10

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\Ns\AudioCapture.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:5052
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\Ns\AudioCapture.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4772

Network

MITRE ATT&CK Enterprise v15
