Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
06/03/2025, 14:45
General
-
Target
Nursultan 1.12.2-1.16.5 Crack/java/natives/jinput-dx8.dll
-
Size
60KB
-
MD5
ec587acff9c06d699829908b515ea17e
-
SHA1
50348b2958b017df3bf30d7915ab61a4cb9a2b33
-
SHA256
89779abf806a93dd809bc7a4914967d0e6924dedf293afd48dd205dbce87d8b8
-
SHA512
2a7895d6196e3f1f740982bd4d0daeba255a033c971638e3aebd2cd2233c39f7c8e92c72d2eeb41f8b368d388a3b270fee2cbe219ee239f5d62af9f6f8ed72d7
-
SSDEEP
768:2Rj4ZLedvA5Z3cYlqcMOml0V6jY/MDS5TQkuzFqIn1pCDFECBXT7kE:gyLwvA/cYuLpYMSp2zJn330TT
Score
3/10
Malware Config
Signatures
-
System Location Discovery: System Language Discovery 1 TTPs 1 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Windows\system32\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.12.2-1.16.5 Crack\java\natives\jinput-dx8.dll",#11⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exerundll32.exe "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.12.2-1.16.5 Crack\java\natives\jinput-dx8.dll",#12⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-