7bbf333a1b6b70d8024b8b6d0ccfe94a6eabc0aa9fb91fa7877f975574351aee

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
19/03/2025, 17:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9fff774f7b884d713b79002830029c2d79913185b541badc05f1b73934033708.dll
Size

152KB
MD5

577e1a301e91440b920f24e7f6603d45
SHA1

25b43ca3223bde4e288990105ee8e782fa8725cf
SHA256

9fff774f7b884d713b79002830029c2d79913185b541badc05f1b73934033708
SHA512

c3d3493a9d8b8954794e0abeefa79b12274e94f41b70a11ab03448226a9329f830cab56dc599c5fc9cc2b3a9b41d8f16c2ea94ef882b459c138f44a8a63288f6
SSDEEP

3072:ZBHK5F/WP58F7zGcut4TnIN1HG89Cf/3B2rr4j1tTBfzZv9wo56frWg:X8F/e58tK4TIN1HG89CH0Ij1tTBF1woF

Score

3^/10

discovery

Malware Config

Signatures

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2856	rundll32.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2772 wrote to memory of 2856	2772	rundll32.exe	30
PID 2772 wrote to memory of 2856	2772	rundll32.exe	30
PID 2772 wrote to memory of 2856	2772	rundll32.exe	30
PID 2772 wrote to memory of 2856	2772	rundll32.exe	30
PID 2772 wrote to memory of 2856	2772	rundll32.exe	30
PID 2772 wrote to memory of 2856	2772	rundll32.exe	30
PID 2772 wrote to memory of 2856	2772	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9fff774f7b884d713b79002830029c2d79913185b541badc05f1b73934033708.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9fff774f7b884d713b79002830029c2d79913185b541badc05f1b73934033708.dll,#1
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads