Overview

overview

10

Static

static

8

TradingVie...op.exe

windows7-x64

10

TradingVie...op.exe

windows10-2004-x64

10

apt/SysWOW...nt.dll

windows10-2004-x64

3

apt/SysWOW...SE.dll

windows10-2004-x64

3

apt/SysWOW...vc.dll

windows10-2004-x64

3

apt/SysWOW...st.dll

windows10-2004-x64

3

apt/SysWOW...al.dll

windows10-2004-x64

3

apt/SysWOW...rs.dll

windows10-2004-x64

3

apt/SysWOW...fc.dll

windows10-2004-x64

3

apt/SysWOW...RT.dll

windows10-2004-x64

3

apt/SysWOW...al.dll

windows10-2004-x64

3

apt/SysWOW...Rt.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...PL.dll

windows10-2004-x64

3

apt/SysWOW...PL.dll

windows10-2004-x64

1

apt/SysWOW...nt.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...ds.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...pl.dll

windows10-2004-x64

3

apt/SysWOW...ub.dll

windows10-2004-x64

3

apt/SysWOW...as.dll

windows10-2004-x64

3

apt/SysWOW...ts.dll

windows10-2004-x64

3

apt/SysWOW...on.dll

windows10-2004-x64

3

apt/SysWOW...pi.dll

windows10-2004-x64

3

apt/SysWOW...op.dll

windows10-2004-x64

3

apt/SysWOW...SP.dll

windows10-2004-x64

3

apt/SysWOW...on.dll

windows10-2004-x64

3

apt/SysWOW...er.dll

windows10-2004-x64

3

apt/SysWOW...PS.dll

windows10-2004-x64

3

apt/SysWOW...32.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    114s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250314-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/03/2025, 02:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    apt/SysWOW64/AppContracts.dll

  • Size

    753KB

  • MD5

    18b285d22631c1c2a3d31a22e0077bb5

  • SHA1

    7361e3f1edcec6192dde3eb048eb017a265a8569

  • SHA256

    399f410e348cc83f7b99f8e1fb2682dd07dab9a6636042ceef7d674b9cea7490

  • SHA512

    5753d8216a63c2ba12c5c6b3ef982dbe7cb5a89c540ae3c3d69b348ab2829d10fe54d830c43e37e7b08569248078cda3442c87d37f804592307739613605e290

  • SSDEEP

    12288:OuptsRTC3FT9Zh1NX+UQbsuXvL+qDlQhH6Hy66:OuptsRTC3FT9z1NX+Uk1vLrGH6HF6

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\system32\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\apt\SysWOW64\AppContracts.dll,#1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3092
    • C:\Windows\SysWOW64\rundll32.exe
      rundll32.exe C:\Users\Admin\AppData\Local\Temp\apt\SysWOW64\AppContracts.dll,#1
      2⤵
      • System Location Discovery: System Language Discovery
      PID:4940

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads