Overview

overview

10

Static

static

10

Nursultan ...er.exe

windows7-x64

10

Nursultan ...er.exe

windows10-2004-x64

10

Nursultan ...pp.dll

windows7-x64

1

Nursultan ...pp.dll

windows10-2004-x64

1

Nursultan ....2.jar

windows7-x64

1

Nursultan ....2.jar

windows10-2004-x64

1

Nursultan ...32.dll

windows7-x64

3

Nursultan ...32.dll

windows10-2004-x64

3

Nursultan ...64.dll

windows7-x64

1

Nursultan ...64.dll

windows10-2004-x64

1

Nursultan ...64.dll

windows7-x64

3

Nursultan ...64.dll

windows10-2004-x64

1

Nursultan ...86.dll

windows7-x64

3

Nursultan ...86.dll

windows10-2004-x64

3

Nursultan ...x8.dll

windows7-x64

3

Nursultan ...x8.dll

windows10-2004-x64

3

Nursultan ...64.dll

windows7-x64

1

Nursultan ...64.dll

windows10-2004-x64

1

Nursultan ...aw.dll

windows7-x64

3

Nursultan ...aw.dll

windows10-2004-x64

3

Nursultan ...64.dll

windows7-x64

1

Nursultan ...64.dll

windows10-2004-x64

1

Nursultan ...ab.dll

windows7-x64

3

Nursultan ...ab.dll

windows10-2004-x64

3

Nursultan ...gl.dll

windows7-x64

3

Nursultan ...gl.dll

windows10-2004-x64

3

Nursultan ...64.dll

windows7-x64

1

Nursultan ...64.dll

windows10-2004-x64

1

Analysis

  • max time kernel
    135s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/03/2025, 14:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Nursultan 1.12.2-1.16.5 Crack/java/natives/jinput-wintab.dll

  • Size

    55KB

  • MD5

    7b5d669b490d5737d8a9d1f96274e2e5

  • SHA1

    e7b9beead279298611d0c4753089d3af07c4c9e9

  • SHA256

    59201c94eb563025e47fe6b6f5c4dc326f0059d49285e2d3a44482cb60ffc9e2

  • SHA512

    ac43cfe9e3ef9dc0e1d2e49a8bbba041b5eca0d4822e694031c694f463017f39ad0131b9f689cc30d177bbf0253f6d2942314683c1ab51a54674ad1309baaeff

  • SSDEEP

    768:gxucOm6iQLZXNvJGgY1mus+XBpkJ3L6GAwk44Rv+1mYxTauAR:ZcZQbzZC8J3LfA0Wk1T4R

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.12.2-1.16.5 Crack\java\natives\jinput-wintab.dll",#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2992
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Nursultan 1.12.2-1.16.5 Crack\java\natives\jinput-wintab.dll",#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:552

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads